
Trojan.Vundo(s), Tracking Cookies, and 100% CPU Usage by SVCHOST

Discussion in 'Virus & Other Malware Removal' started by JonTPuntificate, Apr 13, 2010.

  1. JonTPuntificate

    JonTPuntificate Thread Starter

    Joined:
    Apr 13, 2010
    Messages:
    78
    Hi. I have exhausted most of my options in deleting these viruses save for temporary relief. I suspect it came from Java. It has since deleted Google Chrome (it rendered it unusable). Firefox is extremely slow. Songbird is also very slow. My computer (a netbook: Acer, with 1 gig of RAM) I have perused sites and more sites. Having used a variety of scanners (in and out of safe mode) The list is populated with (VundoFix, Malwarebytes Anti-Malware, Norton Corporate, Ad-Aware, STOPzilla, Spyware Doctor, Speedy PC), and my computer is slowly being destroyed. Please help. It is relatively new. Here is my Hijack-This log.

    Thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:48:57 PM, on 4/13/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,c:\windows\system32\lekupeyi.dll,c:\windows\system32\balayoyu.dll,c:\windows\system32\lenipuna.dll,c:\windows\system32\gavomiwi.dll,c:\windows\system32\hakobiwa.dll,c:\windows\system32\waderero.dll,c:\windows\system32\mopiseje.dll,c:\windows\system32\kebukilo.dll,c:\windows\system32\hiyanuhe.dll,c:\windows\system32\majudusu.dll,c:\windows\system32\bupuyafo.dll,c:\windows\system32\pidokobo.dll,c:\windows\system32\yasatuji.dll,c:\windows\system32\parodupa.dll,c:\windows\system32\yiwapeye.dll,c:\windows\system32\huveyeva.dll,c:\windows\system32\bufetoyo.dll,c:\windows\system32\talodowa.dll,c:\windows\system32\hafosale.dll,huvahuwi.dll,c:\windows\system32\tajavoho.dll,c:\windows\system32\tonajewu.dll,c:\windows\system32\yahiyito.dll,c:\windows\system32\gojobeju.dll,c:\windows\system32\setelojo.dll,c:\windows\system32\sujesofu.dll,c:\windows\system32\hajifagu.dll,c:\windows\system32\rewuvafu.dll,c:\windows\system32\lujisosa.dll,c:\windows\system32\jajelu
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: rutatevur - {fe0bf7b2-ba11-44aa-9bc6-bd58f838f9b8} - (no file)
    O21 - SSODL: wadelewum - {2321197f-d9f1-471b-aeae-b1f8236e8280} - (no file)
    O21 - SSODL: hekodevif - {c22de7dc-5046-4d6b-b995-765bb8f1b4d9} - (no file)
    O21 - SSODL: puzahovid - {eaadfb6d-40bc-4677-b72b-afd642c17d0d} - (no file)
    O21 - SSODL: rujidejis - {0b157693-6439-48d4-99ff-fc3e72f010ed} - (no file)
    O21 - SSODL: hiyuboniy - {267593de-441a-4de6-ae55-e7a200329b59} - (no file)
    O21 - SSODL: bepugunil - {857d7287-d4e4-4ac9-a2c2-f26dd12e940e} - (no file)
    O21 - SSODL: juporayus - {a9771b18-37b9-46d2-b222-f4816d17a6e1} - (no file)
    O21 - SSODL: welitober - {5bb61808-614a-4ce1-95a1-828b43881c78} - (no file)
    O21 - SSODL: jelufapeh - {e3c1a9fe-c8cf-477d-9512-4e4b97d8ef8d} - (no file)
    O21 - SSODL: luralubus - {f7d4cd1c-834f-423f-819e-d5e26bfc9e5b} - (no file)
    O21 - SSODL: kihiganok - {e05ee520-a0bd-4679-a008-b5f65c925d75} - (no file)
    O21 - SSODL: posujipoz - {251388d3-cfca-4711-8a02-4655af9bed96} - (no file)
    O21 - SSODL: buveluzar - {a85f32df-9b89-4b65-8a01-0b1345514c69} - (no file)
    O21 - SSODL: zirejomap - {f32e66e7-6a72-4ad0-9e40-5eeb8d935fc5} - (no file)
    O21 - SSODL: wahewerid - {6edf0a81-5ffd-4c16-b215-e4066d419b75} - (no file)
    O21 - SSODL: fevagojef - {de25367a-ad62-4c3a-a566-71a271d343d2} - (no file)
    O21 - SSODL: fazipedaw - {6acb0ad3-1a29-4d28-98e9-186e220b6107} - (no file)
    O21 - SSODL: wuvafepey - {6fc4ec8b-1ed9-462f-9a71-77fcb393e97e} - (no file)
    O21 - SSODL: yatalumoy - {1fe0e5ef-6b8c-40af-98f3-58a54ac0899d} - (no file)
    O21 - SSODL: ziwirumey - {334c5d4b-c570-4215-ac0b-d2058b49abf9} - (no file)
    O21 - SSODL: vulabofah - {f3af7418-dda1-4bc0-b7c2-19ea0db4b6f5} - (no file)
    O21 - SSODL: vamekelom - {335e9f7f-51fe-4904-bbbb-29eb234d9410} - (no file)
    O21 - SSODL: rehipizes - {722791c5-a588-49a3-a839-028d242a30a1} - (no file)
    O21 - SSODL: gihuzomef - {12486180-1268-4221-b474-69b41059ea44} - (no file)
    O21 - SSODL: mizevuviv - {afefe0f5-d3d2-4eed-aa18-5a22460dce0f} - (no file)
    O21 - SSODL: vegenamel - {67806e36-4b12-48b7-b092-ecdc19d28b44} - (no file)
    O21 - SSODL: bimubasah - {3ed45c42-395d-4997-8709-5482136dfcce} - (no file)
    O21 - SSODL: kefakibur - {4be17bc6-7567-45d7-8885-865d8e88239e} - (no file)
    O21 - SSODL: suyidahep - {d469a691-7c6c-4417-954f-08e67911f25d} - (no file)
    O21 - SSODL: temiberit - {731f6391-86a8-4fff-b9af-24709b39b2ae} - (no file)
    O21 - SSODL: bokanuvuv - {8aa3e396-fe69-4403-a053-fb6b3ee412bf} - (no file)
    O21 - SSODL: dojiwizir - {35deba78-3e3f-4622-8f7e-356e7133683d} - (no file)
    O21 - SSODL: fufojufum - {885a6622-7a9b-485c-a4a9-6c70e63ea757} - (no file)
    O21 - SSODL: zasujoguf - {24af8b1f-003d-4dd2-8c41-1eb51994e353} - (no file)
    O21 - SSODL: joraberup - {b745097e-a9d7-4490-9f68-e4282ad99f6d} - (no file)
    O21 - SSODL: lavotekon - {cf23ad97-de39-4b79-90e7-b5d626225d00} - (no file)
    O21 - SSODL: buwaroyiz - {8d012629-287a-4376-836f-a10ca5c72525} - (no file)
    O21 - SSODL: hunadelit - {266020e5-95d0-47ad-8286-487227395c82} - (no file)
    O21 - SSODL: lifutamaz - {5814365c-ed5b-425e-99e4-ec4f4c8044bb} - (no file)
    O21 - SSODL: ziteboziw - {ee542374-c960-4aab-bca3-4387f21cfa24} - (no file)
    O21 - SSODL: yulojupir - {5a3e79d7-0ddc-49c8-a5a2-12a210434bc8} - (no file)
    O21 - SSODL: zibemukoh - {2b62523e-35bd-4905-b8d6-c7b6cef29502} - (no file)
    O21 - SSODL: deregufev - {7485a7a0-3497-4e54-b888-e1f8c743cec2} - (no file)
    O21 - SSODL: fumifihek - {0522d310-5cf8-4cd0-b3ce-76836096987e} - (no file)
    O21 - SSODL: tovijokuk - {3f040c4b-4468-40da-8744-5446bad4dd5a} - (no file)
    O21 - SSODL: yuhulusay - {832d1ae6-985f-459e-88f2-c3bce988998f} - (no file)
    O21 - SSODL: tanafihoj - {75cab0a0-61ac-4caa-9096-7f77e74b48f1} - (no file)
    O21 - SSODL: bafitifat - {6683d256-d006-4383-8fd3-131b8b9706c9} - (no file)
    O21 - SSODL: dehazukuz - {7ef8190e-eb50-4570-bdc2-07002071277a} - (no file)
    O21 - SSODL: meponihut - {20ef7982-fe6e-4e0b-9068-f70df8fd8afb} - (no file)
    O21 - SSODL: yugabudon - {c9096999-be09-472f-b9c9-88c9d82466fb} - (no file)
    O21 - SSODL: hehadarig - {4f9e608f-3151-4c36-9168-9d8e7272dc1f} - (no file)
    O21 - SSODL: diyezoham - {3e72ae0f-4ecd-441b-b0cf-ad79e2ca8116} - (no file)
    O21 - SSODL: duzedijut - {bb8329ee-1f81-4d5d-8669-3defb4107ae7} - (no file)
    O21 - SSODL: pamunutid - {c0a162f6-6594-4abe-a721-1585ed5e0fa4} - (no file)
    O21 - SSODL: nitugitay - {a1f344bd-ec12-4839-b609-5bca5c7a258f} - (no file)
    O21 - SSODL: jimufavij - {3ef4cda0-66b1-4145-8a6d-08a238a9d902} - (no file)
    O21 - SSODL: yatoyuweh - {adc8db47-345a-40b7-b1f8-d29165d65cde} - (no file)
    O21 - SSODL: rufifelam - {ab7ca228-596c-4b97-a912-838d7a33f858} - (no file)
    O21 - SSODL: lewovolas - {f975f7ee-635a-40b3-88b8-2d86cc759208} - (no file)
    O21 - SSODL: foyerosef - {7d9857ef-bf6b-4ab2-b52b-b5d2bcbfefbe} - (no file)
    O21 - SSODL: moyabifup - {d4f9c987-f346-4d44-983f-63c3e8210855} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {fe0bf7b2-ba11-44aa-9bc6-bd58f838f9b8} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {2321197f-d9f1-471b-aeae-b1f8236e8280} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {c22de7dc-5046-4d6b-b995-765bb8f1b4d9} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {eaadfb6d-40bc-4677-b72b-afd642c17d0d} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {0b157693-6439-48d4-99ff-fc3e72f010ed} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {267593de-441a-4de6-ae55-e7a200329b59} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {857d7287-d4e4-4ac9-a2c2-f26dd12e940e} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {a9771b18-37b9-46d2-b222-f4816d17a6e1} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {5bb61808-614a-4ce1-95a1-828b43881c78} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {e3c1a9fe-c8cf-477d-9512-4e4b97d8ef8d} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {f7d4cd1c-834f-423f-819e-d5e26bfc9e5b} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {e05ee520-a0bd-4679-a008-b5f65c925d75} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {251388d3-cfca-4711-8a02-4655af9bed96} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {a85f32df-9b89-4b65-8a01-0b1345514c69} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {f32e66e7-6a72-4ad0-9e40-5eeb8d935fc5} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {6edf0a81-5ffd-4c16-b215-e4066d419b75} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {de25367a-ad62-4c3a-a566-71a271d343d2} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {6acb0ad3-1a29-4d28-98e9-186e220b6107} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {6fc4ec8b-1ed9-462f-9a71-77fcb393e97e} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {1fe0e5ef-6b8c-40af-98f3-58a54ac0899d} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {334c5d4b-c570-4215-ac0b-d2058b49abf9} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {f3af7418-dda1-4bc0-b7c2-19ea0db4b6f5} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {335e9f7f-51fe-4904-bbbb-29eb234d9410} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {722791c5-a588-49a3-a839-028d242a30a1} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {12486180-1268-4221-b474-69b41059ea44} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {afefe0f5-d3d2-4eed-aa18-5a22460dce0f} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {67806e36-4b12-48b7-b092-ecdc19d28b44} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {3ed45c42-395d-4997-8709-5482136dfcce} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {4be17bc6-7567-45d7-8885-865d8e88239e} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {d469a691-7c6c-4417-954f-08e67911f25d} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {731f6391-86a8-4fff-b9af-24709b39b2ae} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {8aa3e396-fe69-4403-a053-fb6b3ee412bf} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {35deba78-3e3f-4622-8f7e-356e7133683d} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {24af8b1f-003d-4dd2-8c41-1eb51994e353} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {b745097e-a9d7-4490-9f68-e4282ad99f6d} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {cf23ad97-de39-4b79-90e7-b5d626225d00} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {8d012629-287a-4376-836f-a10ca5c72525} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {266020e5-95d0-47ad-8286-487227395c82} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {5814365c-ed5b-425e-99e4-ec4f4c8044bb} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {ee542374-c960-4aab-bca3-4387f21cfa24} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {5a3e79d7-0ddc-49c8-a5a2-12a210434bc8} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {2b62523e-35bd-4905-b8d6-c7b6cef29502} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {7485a7a0-3497-4e54-b888-e1f8c743cec2} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {0522d310-5cf8-4cd0-b3ce-76836096987e} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {3f040c4b-4468-40da-8744-5446bad4dd5a} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {832d1ae6-985f-459e-88f2-c3bce988998f} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {75cab0a0-61ac-4caa-9096-7f77e74b48f1} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {6683d256-d006-4383-8fd3-131b8b9706c9} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {7ef8190e-eb50-4570-bdc2-07002071277a} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {20ef7982-fe6e-4e0b-9068-f70df8fd8afb} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {c9096999-be09-472f-b9c9-88c9d82466fb} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {4f9e608f-3151-4c36-9168-9d8e7272dc1f} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {3e72ae0f-4ecd-441b-b0cf-ad79e2ca8116} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {bb8329ee-1f81-4d5d-8669-3defb4107ae7} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {a1f344bd-ec12-4839-b609-5bca5c7a258f} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {3ef4cda0-66b1-4145-8a6d-08a238a9d902} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {adc8db47-345a-40b7-b1f8-d29165d65cde} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {ab7ca228-596c-4b97-a912-838d7a33f858} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {f975f7ee-635a-40b3-88b8-2d86cc759208} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {7d9857ef-bf6b-4ab2-b52b-b5d2bcbfefbe} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {d4f9c987-f346-4d44-983f-63c3e8210855} - (no file)
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

    --
    End of file - 19311 bytes
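
An added example, not part of the original post or of HijackThis: a small Python triage pass over a log in this format that lists the AppInit_DLLs entries worth reviewing and the CLSID registrations (O2, O3, O21, O22) for which HijackThis reported no backing file. The sample lines, the `triage` and `classify_appinit` names, the comma delimiter and the `c:\windows\system32\` prefix are assumptions made for the illustration; the flags are review hints, not verdicts.

```python
import re

# Constructed sample in the HijackThis line format used by the log above;
# every name, CLSID and path here is made up for the example.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - (no file)
O3 - Toolbar: Example Bar - {55555555-5555-5555-5555-555555555555} - c:\PROGRA~1\example\bar.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Example\EXAMPL~1.DLL,c:\windows\system32\aaaaaaaa.dll,bbbbbbbb.dll,c:\windows\system32\cccc
O20 - Winlogon Notify: ExampleNotify - C:\Program Files\Example\notify.dll
O21 - SSODL: exampleone - {33333333-3333-3333-3333-333333333333} - (no file)
O21 - SSODL: exampletwo - {44444444-4444-4444-4444-444444444444} - (no file)
O22 - SharedTaskScheduler: examplesix - {33333333-3333-3333-3333-333333333333} - (no file)
O23 - Service: Example Service - Example Corp. - C:\Program Files\Example\svc.exe
"""

# "<section> - <kind>: <name> - {CLSID} - <target>" lines (BHO, Toolbar,
# SSODL, SharedTaskScheduler).
CLSID_ENTRY = re.compile(
    r"^(?P<sec>O2|O3|O21|O22) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")

# Markers HijackThis appends when it finds no DLL behind an entry.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: Windows is installed in c:\windows, as in the log above.
SYSTEM32 = "c:\\windows\\system32\\"


def classify_appinit(value):
    """Return (entry, reason) for each AppInit_DLLs entry that needs a look."""
    flagged = []
    # Assumption: entries are comma-separated, as they appear in the log.
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        low = entry.lower()
        if not low.endswith(".dll"):
            # The line was cut off in the log; read the registry value itself.
            reason = "truncated"
        elif "\\" not in low:
            # No directory given, so the location is not visible from the log.
            reason = "bare-name"
        elif low.startswith(SYSTEM32):
            reason = "system32"
        else:
            continue
        flagged.append((entry, reason))
    return flagged


def triage(log_text):
    """Collect review hints from a HijackThis log; nothing is modified."""
    findings = {"appinit": [], "orphaned": [], "in_o21_and_o22": []}
    seen = {"O21": set(), "O22": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = APPINIT.match(line)
        if m:
            findings["appinit"].extend(classify_appinit(m.group("value")))
            continue
        m = CLSID_ENTRY.match(line)
        if not m:
            continue
        sec, clsid = m.group("sec"), m.group("clsid").lower()
        if sec in seen:
            seen[sec].add(clsid)
        if m.group("target").strip().lower().endswith(ORPHAN_MARKERS):
            findings["orphaned"].append((sec, m.group("name"), clsid))
    # The same CLSID registered under both O21 and O22 points at one
    # component hooked into two shell autostart locations.
    findings["in_o21_and_o22"] = sorted(seen["O21"] & seen["O22"])
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry, reason in result["appinit"]:
        print(f"AppInit_DLLs review ({reason}): {entry}")
    for sec, name, clsid in result["orphaned"]:
        print(f"{sec} entry without a file: {name} {clsid}")
    for clsid in result["in_o21_and_o22"]:
        print(f"CLSID present in both O21 and O22: {clsid}")
```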
     
  2. Net_Surfer

    Net_Surfer Banned

    Joined:
    Apr 13, 2010
    Messages:
    25
    Hello JonTPuntificate

    Stand by for my reply with the steps for you to follow!
     
  3. JonTPuntificate

    JonTPuntificate Thread Starter

    Joined:
    Apr 13, 2010
    Messages:
    78
    Okay. Thanks a lot. I really appreciate it.
     
  4. Net_Surfer

    Net_Surfer Banned

    Joined:
    Apr 13, 2010
    Messages:
    25
    Hello again JonTPuntificate and Welcome to TechGuy.org Malware removal forum.

    My nick is Net_Surfer and I will be helping you with your malware issues, this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at TechGuy offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Gmer, DDS, ComboFix, RSIT and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly. (y)

    Firstly go to the following link and see instructions in how to disable your Ad-Aware program:

    >>> Disable Ad-Watch <<< to make sure it won't interfere with the fixing.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.

    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:

    If you can not download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    * exeHelper by Raktor.

    Step 1. Please download exeHelper to your desktop.

    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2. Download and run ComboFix Tool by sUBs

    **Note: In the event you already have old versions of Combofix I need you to delete them, right click on the combofix icon on your desktop and delete it. This is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".
    • For Internet Explorer:
      o Choose to save, not open the file
      o When prompted - save the file to your desktop, and rename it to CFscan with .exe extension on the end.
    Please download Combofix from any of the links below but rename it to CFscan before saving it to your desktop.
    Link 1
    Link 2

    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Step 3. Please insert your flash drive and all usb-drives before running Combofix
    • Important notes regarding ComboFix:

      ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

      ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
    • Close any open browsers.
      WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
    • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

    -----------------------------------------------------------
    Step 4. Double click on the renamed [​IMG] on your desktop & follow the prompts.
    If you are unsure how to run ComboFix tool, please visit this webpage for instructions: How-to-use-combofix

    • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.

      NOTE: If you have Windows XP: Combofix may ask you to install the Recovery Console, please allow it to do so.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    *** When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.***

    A word of advice if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix.
    It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.

    Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
    Please read the: Combofix's "Disclaimer".


    Summary of the logs I will need in your next reply:
    • The report log of ExeHelper
    • The "C:\ComboFix.txt"

    How are things your end JonTPuntificate?


    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.


    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Kind regards
    Net_Surfer

     
  5. JonTPuntificate

    JonTPuntificate Thread Starter

    Joined:
    Apr 13, 2010
    Messages:
    78
    This is all that came up from exehelper.

    exeHelper by Raktor
    Build 20100329
    Run at 17:28:43 on 04/13/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
  6. JonTPuntificate

    JonTPuntificate Thread Starter

    Joined:
    Apr 13, 2010
    Messages:
    78
    Here are the results of ComboFix. Small questions. How can I uninstall the Microsoft Recovery Console (I noticed that it said there was a prompt upon rebooting, may like to circumvent that)? Also, it tried to create a System Restore Point. I am not sure if my System Restore could afford that (I have it turned off, thus my question is whether or not the point was made).

    ComboFix 10-04-13.02 - Jackanapes 04/13/2010 17:48:07.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.518 [GMT -4:00]
    Running from: c:\documents and settings\Jackanapes\Desktop\CFscan.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jackanapes\Application Data\.#
    C:\install.exe
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\_000009_.tmp.dll
    c:\windows\system32\_000023_.tmp.dll
    c:\windows\system32\_000024_.tmp.dll
    c:\windows\system32\_000025_.tmp.dll
    c:\windows\system32\_000026_.tmp.dll
    c:\windows\Tasks\kxhfzabn.job

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
    .

    2010-04-13 22:13 . 2010-04-13 22:13 -------- d-----w- c:\windows\LastGood
    2010-04-13 19:48 . 2010-04-13 19:48 -------- d-----w- c:\program files\Trend Micro
    2010-04-13 01:08 . 2010-04-13 01:08 -------- d-----w- c:\documents and settings\Jackanapes\Application Data\Malwarebytes
    2010-04-13 01:06 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-13 01:06 . 2010-04-13 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-13 01:06 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-13 01:06 . 2010-04-13 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-12 23:37 . 2010-04-12 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2010-04-12 23:35 . 2010-04-12 23:35 262144 ----a-w- c:\documents and settings\ntuser.dat
    2010-04-12 23:34 . 2010-04-12 23:34 -------- d-----w- c:\program files\STOPzilla!
    2010-04-12 23:34 . 2010-04-12 23:34 -------- d-----w- c:\program files\Common Files\iS3
    2010-04-12 23:33 . 2010-04-13 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-04-12 22:46 . 2010-04-12 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC
    2010-04-12 22:46 . 2010-04-12 23:07 -------- d-----w- c:\program files\SpeedyPC
    2010-04-02 21:36 . 2010-04-02 21:36 52224 ----a-w- c:\documents and settings\Jackanapes\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-02 21:36 . 2010-04-02 21:36 117760 ----a-w- c:\documents and settings\Jackanapes\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-02 21:35 . 2010-04-02 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-04-02 21:35 . 2010-04-02 21:35 5120 ----a-r- c:\documents and settings\Jackanapes\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
    2010-04-02 21:35 . 2010-04-02 21:35 65024 ----a-r- c:\documents and settings\Jackanapes\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    2010-04-02 21:35 . 2010-04-02 21:35 18944 ----a-r- c:\documents and settings\Jackanapes\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    2010-04-02 21:34 . 2010-04-02 21:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-02 21:34 . 2010-04-02 21:34 -------- d-----w- c:\documents and settings\Jackanapes\Application Data\SUPERAntiSpyware.com
    2010-04-02 21:32 . 2010-04-02 21:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-03-29 23:24 . 2010-03-29 23:24 -------- d-----w- c:\program files\Common Files\Skype
    2010-03-29 20:21 . 2010-03-29 20:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-03-29 20:20 . 2010-03-29 20:20 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-03-29 20:20 . 2010-03-29 20:20 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
    2010-03-29 20:20 . 2010-03-29 20:20 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2010-03-29 20:20 . 2010-03-29 20:20 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2010-03-29 20:20 . 2010-03-29 20:20 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
    2010-03-29 20:20 . 2010-03-29 20:20 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
    2010-03-29 20:20 . 2010-03-29 20:20 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
    2010-03-29 20:18 . 2010-03-29 20:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-03-29 20:18 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-03-28 22:35 . 2010-03-28 22:35 -------- d-----w- C:\VundoFix Backups
    2010-03-27 19:23 . 2010-03-27 19:23 0 ----a-w- c:\windows\nsreg.dat
    2010-03-27 19:23 . 2010-03-27 19:23 -------- d-----w- c:\documents and settings\Jackanapes\Local Settings\Application Data\Mozilla
    2010-03-26 23:41 . 2010-03-26 23:41 -------- d-----w- c:\windows\system32\LogFiles
    2010-03-26 23:33 . 2010-03-26 23:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-13 22:13 . 2010-04-13 22:10 536 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-04-13 22:11 . 2010-04-13 22:11 80 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
    2010-04-13 22:09 . 2009-12-26 20:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-13 21:39 . 2009-12-27 21:29 -------- d-----w- c:\documents and settings\Jackanapes\Application Data\Skype
    2010-04-13 20:00 . 2009-12-27 21:33 -------- d-----w- c:\documents and settings\Jackanapes\Application Data\skypePM
    2010-04-13 19:34 . 2009-08-01 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-04-12 02:54 . 2010-02-02 22:41 -------- d-----w- c:\program files\Spyware Doctor
    2010-04-12 01:29 . 2009-08-01 07:40 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-04-12 00:42 . 2010-01-07 00:57 -------- d-----w- c:\program files\Songbird
    2010-04-11 22:38 . 2010-03-27 22:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-10 16:55 . 2010-01-05 23:25 -------- d-----w- c:\documents and settings\Jackanapes\Application Data\uTorrent
    2010-03-29 20:19 . 2010-01-17 03:29 -------- d-----w- c:\program files\Lavasoft
    2010-03-28 15:26 . 2010-03-27 22:03 -------- d-----w- c:\program files\Symantec
    2010-03-28 15:26 . 2010-03-27 22:03 -------- d-----w- c:\program files\NavNT
    2010-03-28 15:26 . 2010-03-27 22:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-03-28 15:26 . 2009-08-01 08:48 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-03-28 15:25 . 2009-08-01 09:07 -------- d-----w- c:\program files\Acer GameZone
    2010-03-27 22:06 . 2010-03-27 22:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-03-27 22:04 . 2010-03-27 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-03-19 22:23 . 2010-01-04 00:34 -------- d-----w- c:\program files\Steam
    2010-03-14 07:00 . 2010-01-04 06:07 16 ----a-w- c:\windows\popcinfot.dat
    2010-03-05 22:16 . 2010-03-05 22:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2010-03-05 22:14 . 2010-03-05 22:14 442368 ----a-r- c:\windows\system32\SZBase5.dll
    2010-03-05 22:13 . 2010-03-05 22:13 540672 ----a-r- c:\windows\system32\SZComp5.dll
    2010-03-01 16:23 . 2010-01-21 04:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-25 06:24 . 2009-08-01 07:34 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 19:06 . 2010-02-24 19:06 173328 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2010-02-04 15:53 . 2010-01-17 04:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-27 16:24 . 2010-01-17 04:23 8 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2010-01-21 23:21 . 2010-02-02 22:45 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-01-21 23:21 . 2010-02-02 22:45 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-01-21 23:21 . 2010-02-02 22:45 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-01-21 23:21 . 2010-02-02 22:45 767952 ----a-w- c:\windows\BDTSupport.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2008-10-03 03:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-08-01 08:50 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-28 01:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    2009-11-18 17:47 1243088 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
    2008-07-03 22:58 94208 ----a-w- c:\windows\PLFSetL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-08-24 08:01 18702336 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-03-09 14:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
    2009-02-17 01:32 196608 ----a-w- c:\windows\system32\csnp2uvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-01-04 00:35 1217808 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-27 20:37 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-12-26 06:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-02-06 02:32 1430824 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2001-09-24 11:59 73728 ----a-w- c:\program files\NavNT\vptray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee\\AbeWin.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/17/2010 12:24 AM 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/2/2010 6:42 PM 207792]
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2/24/2010 3:06 PM 173328]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/2/2010 6:45 PM 112592]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1263728]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 5:35 AM 237568]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/2/2010 6:41 PM 359624]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 3:35 AM 38912]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 1:54 AM 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 4:48 AM 1684736]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/1/2009 4:50 AM 24064]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:20]

    2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 05:53]

    2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 05:53]

    2010-04-13 c:\windows\Tasks\SpeedyPC Program Check.job
    - c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-01 19:30]

    2010-04-12 c:\windows\Tasks\SpeedyPC.job
    - c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-01 19:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Jackanapes\Application Data\Mozilla\Firefox\Profiles\31z76v05.default\
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-Google Update - c:\documents and settings\Jackanapes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-seranikej - c:\windows\system32\tubakile.dll
    AddRemove-MSC - c:\program files\McAfee\MSC\mcuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-13 18:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x86242CF7]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf76a1f28
    \Driver\ACPI -> ACPI.sys @ 0xf75cbcb8
    \Driver\iaStor -> iaStor.sys @ 0xf74ca78c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf738abb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7379a0d
    SendHandler -> NDIS.sys @ 0xf738db40
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,75,42,24,33,e8,ad,4e,9e,fe,c6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,75,42,24,33,e8,ad,4e,9e,fe,c6,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(604)
    c:\windows\system32\WININET.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\NavLogon.dll

    - - - - - - - > 'lsass.exe'(932)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3844)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
    c:\program files\NavNT\defwatch.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NavNT\rtvscan.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\MsgSys.EXE
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-13 18:27:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-13 22:27

    Pre-Run: 123,469,611,008 bytes free
    Post-Run: 123,925,704,704 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - D72DE321826EDFFA599577239FF02C87
     
  7. JonTPuntificate

    JonTPuntificate Thread Starter

    Crap. I accidentally ran exehelper (again) after combofix. Is this bad?
     
  8. JonTPuntificate

    JonTPuntificate Thread Starter

    Experiencing a rash of "Generic Win32 process has encountered a problem" (just one, but I have seen it before). It has resulted in Firefox crashing every time, as well as pop-ups in Firefox which also result in a crash.
     
  9. Net_Surfer

    Net_Surfer Banned

    Joined:
    Apr 13, 2010
    Messages:
    25
    Hello again JonTPontificate, :)

    It won't hurt that you ran exehelper again.

    I recommend leaving the Microsoft Recovery Console installed; you will need it in the future if your computer becomes unbootable. On Vista that option is already installed, but not in XP. It only takes three seconds for the message to disappear when you log into Windows... not a biggie.

    Please do not attempt to do fixes on your own; I will guide you until I have declared your computer clean.

    Please read on and take a note:


    P2P (File Sharing) Warning!

    P2P file sharing: >>>Know the risks<<<


    Going over your logs I noticed that you have utorrent installed.

    Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    There are some very good reasons for this, and they are for your protection:


    From a security standpoint, P2P forms a direct connection into your computer and circumvents or bypasses most security, anti-malware and firewall software or hardware.

    Any type of security on these programs is poor at best and non-existent on some; this could lead to malware being downloaded into your computer without your knowledge.

    Additionally, in cases where the program has not been configured correctly, a lot more than your music files have finished up being shared with others.

    Passwords, PIN numbers, bank accounts, and other personal details have been harvested by the unscrupulous for their own gain at your expense.

    Have a read of the below article to see where that happened:

    Update: Seattle man arrested for p-to-p ID theft | InfoWorld | News | 2007-09-06 | By Robert McMillan, IDG News Service

    I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Programs and Features if Vista or within Add or remove programs in XP.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    SpeedyPC Warning!

    I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools.

    They are marketed as ways to make your machine run faster and more efficiently... Some will actually achieve this... IF you know how to use them correctly.

    The following refers to SpeedyPC.
    Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
    • Registry tools can cause irreparable damage to your Operating System
    • Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    • The point we are trying to make is that the risk of using one far outweighs any benefit.
    • If it does work perfectly you will not see any difference.
      If it doesn't work properly you may end up with an expensive doorstop.
    • Registry tools can, as a result of the above, render your PC inoperable.
    This is done on the assumption that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
    If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

    Registry cleaners should be used with caution; always back up your registry before deleting what it says are invalid entries.
    Be careful you do not overclean your Registry and come to regret it. What's called invalid may be what your system needs to run correctly.

    discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html

    Please read this blog by: miekiemoes. Link

    ----------------------------^-------------------------------​
    Stopzilla warning!

    Going over your logs I noticed that you have Stopzilla installed on your computer.

    Stopzilla is indeed a resource hog and to be honest, I don't really recommend Stopzilla anyway, because I've seen it being pushed by malware, which means malware displays popups asking you to install Stopzilla. This doesn't make sense and that's why it makes Stopzilla a questionable application.


    Please follow the instructions of the next set of steps:

    Step #1. Let's try this new tool that was just released.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

      "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
    • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


    Step #2.
    • Download: >>> OTL by Old Timer <<< to your desktop.
    • If you have problems, try this download link:
      >>> Link #2: OTL <<<
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT
    • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.
    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



    Summary of the logs I will need in your next reply:
    • The TDSSKiller report log
    • The report logs of OTL: OTL.Txt and Extras.Txt

    How are things at your end, JonTPontificate?




    Kind regards
    Net_Surfer
     
  10. JonTPuntificate

    JonTPuntificate Thread Starter

    I saved the extracted files to my desktop. Ran TDSSKiller. It gave me no .txt file upon completion. It prompted me to reboot after cleaning (1) registry error. I hit Enter (it said hit "y" or "n") and it rebooted. I then tried to find the .txt file via My Computer > Search > "TDSSKiller.txt". But my search option is gone, or rather, the little companion has no text above its head.
     
  11. JonTPuntificate

    JonTPuntificate Thread Starter

    Since it rebooted, I tried it a second time, then manually went into the C:\ drive and found this. It may not be the initial results but the second test's. Regardless.

    21:24:13:031 3352 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    21:24:13:031 3352 ================================================================================
    21:24:13:031 3352 SystemInfo:

    21:24:13:031 3352 OS Version: 5.1.2600 ServicePack: 3.0
    21:24:13:031 3352 Product type: Workstation
    21:24:13:031 3352 ComputerName: MAGNETONE
    21:24:13:031 3352 UserName: Jackanapes
    21:24:13:031 3352 Windows directory: C:\WINDOWS
    21:24:13:031 3352 Processor architecture: Intel x86
    21:24:13:031 3352 Number of processors: 2
    21:24:13:031 3352 Page size: 0x1000
    21:24:13:046 3352 Boot type: Normal boot
    21:24:13:046 3352 ================================================================================
    21:24:13:062 3352 UnloadDriverW: NtUnloadDriver error 2
    21:24:13:062 3352 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    21:24:13:078 3352 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    21:24:13:078 3352 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    21:24:13:078 3352 wfopen_ex: Trying to KLMD file open
    21:24:13:078 3352 wfopen_ex: File opened ok (Flags 2)
    21:24:13:078 3352 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    21:24:13:078 3352 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    21:24:13:078 3352 wfopen_ex: Trying to KLMD file open
    21:24:13:078 3352 wfopen_ex: File opened ok (Flags 2)
    21:24:13:078 3352 Initialize success
    21:24:13:078 3352
    21:24:13:078 3352 Scanning Services ...
    21:24:13:250 3352 Raw services enum returned 346 services
    21:24:13:281 3352
    21:24:13:281 3352 Scanning Kernel memory ...
    21:24:13:281 3352 Devices to scan: 3
    21:24:13:281 3352
    21:24:13:281 3352 Driver Name: Disk
    21:24:13:281 3352 IRP_MJ_CREATE : F76A3BB0
    21:24:13:281 3352 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    21:24:13:281 3352 IRP_MJ_CLOSE : F76A3BB0
    21:24:13:281 3352 IRP_MJ_READ : F769DD1F
    21:24:13:281 3352 IRP_MJ_WRITE : F769DD1F
    21:24:13:281 3352 IRP_MJ_QUERY_INFORMATION : 804F9759
    21:24:13:281 3352 IRP_MJ_SET_INFORMATION : 804F9759
    21:24:13:281 3352 IRP_MJ_QUERY_EA : 804F9759
    21:24:13:281 3352 IRP_MJ_SET_EA : 804F9759
    21:24:13:281 3352 IRP_MJ_FLUSH_BUFFERS : F769E2E2
    21:24:13:281 3352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    21:24:13:281 3352 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    21:24:13:281 3352 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    21:24:13:281 3352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    21:24:13:281 3352 IRP_MJ_DEVICE_CONTROL : F769E3BB
    21:24:13:281 3352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76A1F28
    21:24:13:281 3352 IRP_MJ_SHUTDOWN : F769E2E2
    21:24:13:281 3352 IRP_MJ_LOCK_CONTROL : 804F9759
    21:24:13:281 3352 IRP_MJ_CLEANUP : 804F9759
    21:24:13:281 3352 IRP_MJ_CREATE_MAILSLOT : 804F9759
    21:24:13:281 3352 IRP_MJ_QUERY_SECURITY : 804F9759
    21:24:13:281 3352 IRP_MJ_SET_SECURITY : 804F9759
    21:24:13:281 3352 IRP_MJ_POWER : F769FC82
    21:24:13:281 3352 IRP_MJ_SYSTEM_CONTROL : F76A499E
    21:24:13:281 3352 IRP_MJ_DEVICE_CHANGE : 804F9759
    21:24:13:281 3352 IRP_MJ_QUERY_QUOTA : 804F9759
    21:24:13:281 3352 IRP_MJ_SET_QUOTA : 804F9759
    21:24:13:296 3352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    21:24:13:296 3352
    21:24:13:296 3352 Driver Name: Disk
    21:24:13:296 3352 IRP_MJ_CREATE : F76A3BB0
    21:24:13:296 3352 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    21:24:13:296 3352 IRP_MJ_CLOSE : F76A3BB0
    21:24:13:296 3352 IRP_MJ_READ : F769DD1F
    21:24:13:296 3352 IRP_MJ_WRITE : F769DD1F
    21:24:13:296 3352 IRP_MJ_QUERY_INFORMATION : 804F9759
    21:24:13:296 3352 IRP_MJ_SET_INFORMATION : 804F9759
    21:24:13:296 3352 IRP_MJ_QUERY_EA : 804F9759
    21:24:13:296 3352 IRP_MJ_SET_EA : 804F9759
    21:24:13:296 3352 IRP_MJ_FLUSH_BUFFERS : F769E2E2
    21:24:13:296 3352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    21:24:13:296 3352 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    21:24:13:296 3352 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    21:24:13:296 3352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    21:24:13:296 3352 IRP_MJ_DEVICE_CONTROL : F769E3BB
    21:24:13:296 3352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F76A1F28
    21:24:13:296 3352 IRP_MJ_SHUTDOWN : F769E2E2
    21:24:13:296 3352 IRP_MJ_LOCK_CONTROL : 804F9759
    21:24:13:296 3352 IRP_MJ_CLEANUP : 804F9759
    21:24:13:296 3352 IRP_MJ_CREATE_MAILSLOT : 804F9759
    21:24:13:296 3352 IRP_MJ_QUERY_SECURITY : 804F9759
    21:24:13:296 3352 IRP_MJ_SET_SECURITY : 804F9759
    21:24:13:296 3352 IRP_MJ_POWER : F769FC82
    21:24:13:296 3352 IRP_MJ_SYSTEM_CONTROL : F76A499E
    21:24:13:296 3352 IRP_MJ_DEVICE_CHANGE : 804F9759
    21:24:13:296 3352 IRP_MJ_QUERY_QUOTA : 804F9759
    21:24:13:296 3352 IRP_MJ_SET_QUOTA : 804F9759
    21:24:13:312 3352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    21:24:13:312 3352
    21:24:13:312 3352 Driver Name: iaStor
    21:24:13:312 3352 IRP_MJ_CREATE : F74CF79A
    21:24:13:312 3352 IRP_MJ_CREATE_NAMED_PIPE : 804F9759
    21:24:13:312 3352 IRP_MJ_CLOSE : F74CF79A
    21:24:13:312 3352 IRP_MJ_READ : 804F9759
    21:24:13:312 3352 IRP_MJ_WRITE : 804F9759
    21:24:13:312 3352 IRP_MJ_QUERY_INFORMATION : 804F9759
    21:24:13:312 3352 IRP_MJ_SET_INFORMATION : 804F9759
    21:24:13:312 3352 IRP_MJ_QUERY_EA : 804F9759
    21:24:13:312 3352 IRP_MJ_SET_EA : 804F9759
    21:24:13:312 3352 IRP_MJ_FLUSH_BUFFERS : 804F9759
    21:24:13:312 3352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9759
    21:24:13:312 3352 IRP_MJ_SET_VOLUME_INFORMATION : 804F9759
    21:24:13:312 3352 IRP_MJ_DIRECTORY_CONTROL : 804F9759
    21:24:13:312 3352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9759
    21:24:13:312 3352 IRP_MJ_DEVICE_CONTROL : F74CD0A0
    21:24:13:312 3352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74CA78C
    21:24:13:312 3352 IRP_MJ_SHUTDOWN : 804F9759
    21:24:13:312 3352 IRP_MJ_LOCK_CONTROL : 804F9759
    21:24:13:312 3352 IRP_MJ_CLEANUP : 804F9759
    21:24:13:312 3352 IRP_MJ_CREATE_MAILSLOT : 804F9759
    21:24:13:312 3352 IRP_MJ_QUERY_SECURITY : 804F9759
    21:24:13:312 3352 IRP_MJ_SET_SECURITY : 804F9759
    21:24:13:312 3352 IRP_MJ_POWER : F74C65F4
    21:24:13:312 3352 IRP_MJ_SYSTEM_CONTROL : F74C5B54
    21:24:13:312 3352 IRP_MJ_DEVICE_CHANGE : 804F9759
    21:24:13:312 3352 IRP_MJ_QUERY_QUOTA : 804F9759
    21:24:13:312 3352 IRP_MJ_SET_QUOTA : 804F9759
    21:24:13:375 3352 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: 1
    21:24:13:375 3352
    21:24:13:375 3352 Completed
    21:24:13:375 3352
    21:24:13:375 3352 Results:
    21:24:13:375 3352 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    21:24:13:375 3352 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    21:24:13:375 3352 File objects infected / cured / cured on reboot: 0 / 0 / 0
    21:24:13:375 3352
    21:24:13:375 3352 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    21:24:13:375 3352 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    21:24:13:375 3352 KLMD(ARK) unloaded successfully
     
  12. Net_Surfer

    Net_Surfer Banned

    I need the two logs of the OTL scan, Please!
     
  13. JonTPuntificate

    JonTPuntificate Thread Starter

    OTL Extras logfile created on: 4/13/2010 9:52:56 PM - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Jackanapes\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139.04 Gb Total Space | 115.45 Gb Free Space | 83.03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MAGNETONE
    Current User Name: Jackanapes
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
    "C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
    "C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee -- (Oddworld Inhabitants, Inc.)
    "C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe" = C:\Program Files\Steam\steamapps\common\bookworm adventures deluxe\BookwormAdventures.exe:*:Enabled:Bookworm Adventures Deluxe -- (PopCap Games, Inc.)
    "C:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
    "C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus -- (Oddworld Inhabitants, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe:*:Enabled:Ad-AwareAdmin -- (Lavasoft )


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "Acer Screensaver" = Acer ScreenSaver
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSC" = McAfee SecurityCenter
    "Songbird-release-1438" = Songbird 1.4.3 (Build 1438)
    "SpeedyPC" = SpeedyPC
    "Spyware Doctor" = Spyware Doctor 7.0
    "Steam App 15700" = Oddworld: Abe's Oddysee
    "Steam App 15710" = Oddworld: Abe's Exoddus
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 22000" = World of Goo
    "Steam App 26800" = Braid
    "Steam App 280" = Half-Life: Source
    "Steam App 3470" = Bookworm Adventures Deluxe
    "Steam App 360" = Half-Life Deathmatch: Source
    "Steam App 41500" = Torchlight
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Shoddy Battle" = Shoddy Battle

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/11/2010 9:28:03 PM | Computer Name = MAGNETONE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 4/11/2010 9:37:17 PM | Computer Name = MAGNETONE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 4/11/2010 9:37:17 PM | Computer Name = MAGNETONE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 4/11/2010 10:54:28 PM | Computer Name = MAGNETONE | Source = Application Hang | ID = 1002
    Description = Hanging application sdloader.exe, version 7.0.0.8, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/12/2010 7:50:35 PM | Computer Name = MAGNETONE | Source = Application Hang | ID = 1002
    Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/12/2010 7:50:39 PM | Computer Name = MAGNETONE | Source = Application Hang | ID = 1002
    Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/12/2010 7:56:14 PM | Computer Name = MAGNETONE | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/13/2010 6:59:56 PM | Computer Name = MAGNETONE | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module 3difr.x3d, version 9.0.0.0, fault address 0x0001d5ff.

    Error - 4/13/2010 7:00:20 PM | Computer Name = MAGNETONE | Source = Application Error | ID = 1001
    Description = Fault bucket 1632194818.

    Error - 4/13/2010 9:50:56 PM | Computer Name = MAGNETONE | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.1.1, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 4/12/2010 10:00:59 PM | Computer Name = MAGNETONE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
    Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

    Error - 4/12/2010 11:05:01 PM | Computer Name = MAGNETONE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/12/2010 11:07:46 PM | Computer Name = MAGNETONE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 4/12/2010 11:19:51 PM | Computer Name = MAGNETONE | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    JEANETTE that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{59842901-41FE-4C18-. The master browser is stopping or an election
    is being forced.

    Error - 4/13/2010 3:32:50 PM | Computer Name = MAGNETONE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 4/13/2010 6:10:02 PM | Computer Name = MAGNETONE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 4/13/2010 8:35:46 PM | Computer Name = MAGNETONE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 4/13/2010 8:49:44 PM | Computer Name = MAGNETONE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde

    Error - 4/13/2010 9:14:15 PM | Computer Name = MAGNETONE | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
    the volume.

    Error - 4/13/2010 9:14:23 PM | Computer Name = MAGNETONE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    atapi PCIIde


    < End of report >
     
  14. JonTPuntificate

    OTL logfile created on: 4/13/2010 9:52:56 PM - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Jackanapes\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139.04 Gb Total Space | 115.45 Gb Free Space | 83.03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MAGNETONE
    Current User Name: Jackanapes
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Jackanapes\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
    PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
    PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Jackanapes\My Documents\Downloads\OTL.exe (OldTimer Tools)


    ========== Win32 Services (SafeList) ==========

    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
    SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
    SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SRV - (GoogleDesktopManager-080708-050100) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
    DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
    DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
    DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
    DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
    DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
    DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093425l0354wuh5w48m23556
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 11:34:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 11:34:17 | 000,000,000 | ---D | M]

    [2010/03/28 11:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Mozilla\Extensions
    [2010/01/06 20:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Mozilla\Extensions\[email protected]
    [2010/04/13 21:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Mozilla\Firefox\Profiles\31z76v05.default\extensions
    [2010/03/28 11:26:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jackanapes\Application Data\Mozilla\Firefox\Profiles\31z76v05.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/27 15:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/04/13 18:10:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
    O21 - SSODL: bafitifat - {6683d256-d006-4383-8fd3-131b8b9706c9} - CLSID or File not found.
    O21 - SSODL: bepugunil - {857d7287-d4e4-4ac9-a2c2-f26dd12e940e} - CLSID or File not found.
    O21 - SSODL: bimubasah - {3ed45c42-395d-4997-8709-5482136dfcce} - CLSID or File not found.
    O21 - SSODL: bokanuvuv - {8aa3e396-fe69-4403-a053-fb6b3ee412bf} - CLSID or File not found.
    O21 - SSODL: buveluzar - {a85f32df-9b89-4b65-8a01-0b1345514c69} - CLSID or File not found.
    O21 - SSODL: buwaroyiz - {8d012629-287a-4376-836f-a10ca5c72525} - CLSID or File not found.
    O21 - SSODL: dehazukuz - {7ef8190e-eb50-4570-bdc2-07002071277a} - CLSID or File not found.
    O21 - SSODL: deregufev - {7485a7a0-3497-4e54-b888-e1f8c743cec2} - CLSID or File not found.
    O21 - SSODL: diyezoham - {3e72ae0f-4ecd-441b-b0cf-ad79e2ca8116} - CLSID or File not found.
    O21 - SSODL: dojiwizir - {35deba78-3e3f-4622-8f7e-356e7133683d} - CLSID or File not found.
    O21 - SSODL: duzedijut - {bb8329ee-1f81-4d5d-8669-3defb4107ae7} - CLSID or File not found.
    O21 - SSODL: fazipedaw - {6acb0ad3-1a29-4d28-98e9-186e220b6107} - CLSID or File not found.
    O21 - SSODL: fevagojef - {de25367a-ad62-4c3a-a566-71a271d343d2} - CLSID or File not found.
    O21 - SSODL: foyerosef - {7d9857ef-bf6b-4ab2-b52b-b5d2bcbfefbe} - CLSID or File not found.
    O21 - SSODL: fufojufum - {885a6622-7a9b-485c-a4a9-6c70e63ea757} - CLSID or File not found.
    O21 - SSODL: fumifihek - {0522d310-5cf8-4cd0-b3ce-76836096987e} - CLSID or File not found.
    O21 - SSODL: gihuzomef - {12486180-1268-4221-b474-69b41059ea44} - CLSID or File not found.
    O21 - SSODL: hehadarig - {4f9e608f-3151-4c36-9168-9d8e7272dc1f} - CLSID or File not found.
    O21 - SSODL: hekodevif - {c22de7dc-5046-4d6b-b995-765bb8f1b4d9} - CLSID or File not found.
    O21 - SSODL: hiyuboniy - {267593de-441a-4de6-ae55-e7a200329b59} - CLSID or File not found.
    O21 - SSODL: hunadelit - {266020e5-95d0-47ad-8286-487227395c82} - CLSID or File not found.
    O21 - SSODL: jelufapeh - {e3c1a9fe-c8cf-477d-9512-4e4b97d8ef8d} - CLSID or File not found.
    O21 - SSODL: jimufavij - {3ef4cda0-66b1-4145-8a6d-08a238a9d902} - CLSID or File not found.
    O21 - SSODL: joraberup - {b745097e-a9d7-4490-9f68-e4282ad99f6d} - CLSID or File not found.
    O21 - SSODL: juporayus - {a9771b18-37b9-46d2-b222-f4816d17a6e1} - CLSID or File not found.
    O21 - SSODL: kefakibur - {4be17bc6-7567-45d7-8885-865d8e88239e} - CLSID or File not found.
    O21 - SSODL: kihiganok - {e05ee520-a0bd-4679-a008-b5f65c925d75} - CLSID or File not found.
    O21 - SSODL: lavotekon - {cf23ad97-de39-4b79-90e7-b5d626225d00} - CLSID or File not found.
    O21 - SSODL: lewovolas - {f975f7ee-635a-40b3-88b8-2d86cc759208} - CLSID or File not found.
    O21 - SSODL: lifutamaz - {5814365c-ed5b-425e-99e4-ec4f4c8044bb} - CLSID or File not found.
    O21 - SSODL: luralubus - {f7d4cd1c-834f-423f-819e-d5e26bfc9e5b} - CLSID or File not found.
    O21 - SSODL: meponihut - {20ef7982-fe6e-4e0b-9068-f70df8fd8afb} - CLSID or File not found.
    O21 - SSODL: mizevuviv - {afefe0f5-d3d2-4eed-aa18-5a22460dce0f} - CLSID or File not found.
    O21 - SSODL: moyabifup - {d4f9c987-f346-4d44-983f-63c3e8210855} - CLSID or File not found.
    O21 - SSODL: nitugitay - {a1f344bd-ec12-4839-b609-5bca5c7a258f} - CLSID or File not found.
    O21 - SSODL: pamunutid - {c0a162f6-6594-4abe-a721-1585ed5e0fa4} - CLSID or File not found.
    O21 - SSODL: posujipoz - {251388d3-cfca-4711-8a02-4655af9bed96} - CLSID or File not found.
    O21 - SSODL: puzahovid - {eaadfb6d-40bc-4677-b72b-afd642c17d0d} - CLSID or File not found.
    O21 - SSODL: rehipizes - {722791c5-a588-49a3-a839-028d242a30a1} - CLSID or File not found.
    O21 - SSODL: rufifelam - {ab7ca228-596c-4b97-a912-838d7a33f858} - CLSID or File not found.
    O21 - SSODL: rujidejis - {0b157693-6439-48d4-99ff-fc3e72f010ed} - CLSID or File not found.
    O21 - SSODL: rutatevur - {fe0bf7b2-ba11-44aa-9bc6-bd58f838f9b8} - CLSID or File not found.
    O21 - SSODL: suyidahep - {d469a691-7c6c-4417-954f-08e67911f25d} - CLSID or File not found.
    O21 - SSODL: tanafihoj - {75cab0a0-61ac-4caa-9096-7f77e74b48f1} - CLSID or File not found.
    O21 - SSODL: temiberit - {731f6391-86a8-4fff-b9af-24709b39b2ae} - CLSID or File not found.
    O21 - SSODL: tovijokuk - {3f040c4b-4468-40da-8744-5446bad4dd5a} - CLSID or File not found.
    O21 - SSODL: vamekelom - {335e9f7f-51fe-4904-bbbb-29eb234d9410} - CLSID or File not found.
    O21 - SSODL: vegenamel - {67806e36-4b12-48b7-b092-ecdc19d28b44} - CLSID or File not found.
    O21 - SSODL: vulabofah - {f3af7418-dda1-4bc0-b7c2-19ea0db4b6f5} - CLSID or File not found.
    O21 - SSODL: wadelewum - {2321197f-d9f1-471b-aeae-b1f8236e8280} - CLSID or File not found.
    O21 - SSODL: wahewerid - {6edf0a81-5ffd-4c16-b215-e4066d419b75} - CLSID or File not found.
    O21 - SSODL: welitober - {5bb61808-614a-4ce1-95a1-828b43881c78} - CLSID or File not found.
    O21 - SSODL: wuvafepey - {6fc4ec8b-1ed9-462f-9a71-77fcb393e97e} - CLSID or File not found.
    O21 - SSODL: yatalumoy - {1fe0e5ef-6b8c-40af-98f3-58a54ac0899d} - CLSID or File not found.
    O21 - SSODL: yatoyuweh - {adc8db47-345a-40b7-b1f8-d29165d65cde} - CLSID or File not found.
    O21 - SSODL: yugabudon - {c9096999-be09-472f-b9c9-88c9d82466fb} - CLSID or File not found.
    O21 - SSODL: yuhulusay - {832d1ae6-985f-459e-88f2-c3bce988998f} - CLSID or File not found.
    O21 - SSODL: yulojupir - {5a3e79d7-0ddc-49c8-a5a2-12a210434bc8} - CLSID or File not found.
    O21 - SSODL: zasujoguf - {24af8b1f-003d-4dd2-8c41-1eb51994e353} - CLSID or File not found.
    O21 - SSODL: zibemukoh - {2b62523e-35bd-4905-b8d6-c7b6cef29502} - CLSID or File not found.
    O21 - SSODL: zirejomap - {f32e66e7-6a72-4ad0-9e40-5eeb8d935fc5} - CLSID or File not found.
    O21 - SSODL: ziteboziw - {ee542374-c960-4aab-bca3-4387f21cfa24} - CLSID or File not found.
    O21 - SSODL: ziwirumey - {334c5d4b-c570-4215-ac0b-d2058b49abf9} - CLSID or File not found.
    O22 - SharedTaskScheduler: {0522d310-5cf8-4cd0-b3ce-76836096987e} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {0b157693-6439-48d4-99ff-fc3e72f010ed} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {12486180-1268-4221-b474-69b41059ea44} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {1fe0e5ef-6b8c-40af-98f3-58a54ac0899d} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {20ef7982-fe6e-4e0b-9068-f70df8fd8afb} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {2321197f-d9f1-471b-aeae-b1f8236e8280} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {24af8b1f-003d-4dd2-8c41-1eb51994e353} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {251388d3-cfca-4711-8a02-4655af9bed96} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {266020e5-95d0-47ad-8286-487227395c82} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {267593de-441a-4de6-ae55-e7a200329b59} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {2b62523e-35bd-4905-b8d6-c7b6cef29502} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {334c5d4b-c570-4215-ac0b-d2058b49abf9} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {335e9f7f-51fe-4904-bbbb-29eb234d9410} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {35deba78-3e3f-4622-8f7e-356e7133683d} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {3e72ae0f-4ecd-441b-b0cf-ad79e2ca8116} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {3ed45c42-395d-4997-8709-5482136dfcce} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {3ef4cda0-66b1-4145-8a6d-08a238a9d902} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {3f040c4b-4468-40da-8744-5446bad4dd5a} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {4be17bc6-7567-45d7-8885-865d8e88239e} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {4f9e608f-3151-4c36-9168-9d8e7272dc1f} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {5814365c-ed5b-425e-99e4-ec4f4c8044bb} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {5a3e79d7-0ddc-49c8-a5a2-12a210434bc8} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {5bb61808-614a-4ce1-95a1-828b43881c78} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {6683d256-d006-4383-8fd3-131b8b9706c9} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {67806e36-4b12-48b7-b092-ecdc19d28b44} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {6acb0ad3-1a29-4d28-98e9-186e220b6107} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {6edf0a81-5ffd-4c16-b215-e4066d419b75} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {6fc4ec8b-1ed9-462f-9a71-77fcb393e97e} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {722791c5-a588-49a3-a839-028d242a30a1} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {731f6391-86a8-4fff-b9af-24709b39b2ae} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {7485a7a0-3497-4e54-b888-e1f8c743cec2} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {75cab0a0-61ac-4caa-9096-7f77e74b48f1} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {7d9857ef-bf6b-4ab2-b52b-b5d2bcbfefbe} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {7ef8190e-eb50-4570-bdc2-07002071277a} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {832d1ae6-985f-459e-88f2-c3bce988998f} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {857d7287-d4e4-4ac9-a2c2-f26dd12e940e} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {8aa3e396-fe69-4403-a053-fb6b3ee412bf} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {8d012629-287a-4376-836f-a10ca5c72525} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {a1f344bd-ec12-4839-b609-5bca5c7a258f} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {a85f32df-9b89-4b65-8a01-0b1345514c69} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {a9771b18-37b9-46d2-b222-f4816d17a6e1} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {ab7ca228-596c-4b97-a912-838d7a33f858} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {adc8db47-345a-40b7-b1f8-d29165d65cde} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {afefe0f5-d3d2-4eed-aa18-5a22460dce0f} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {b745097e-a9d7-4490-9f68-e4282ad99f6d} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {bb8329ee-1f81-4d5d-8669-3defb4107ae7} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {c22de7dc-5046-4d6b-b995-765bb8f1b4d9} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {c9096999-be09-472f-b9c9-88c9d82466fb} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {cf23ad97-de39-4b79-90e7-b5d626225d00} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {d469a691-7c6c-4417-954f-08e67911f25d} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {d4f9c987-f346-4d44-983f-63c3e8210855} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {de25367a-ad62-4c3a-a566-71a271d343d2} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {e05ee520-a0bd-4679-a008-b5f65c925d75} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {e3c1a9fe-c8cf-477d-9512-4e4b97d8ef8d} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {eaadfb6d-40bc-4677-b72b-afd642c17d0d} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {ee542374-c960-4aab-bca3-4387f21cfa24} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {f32e66e7-6a72-4ad0-9e40-5eeb8d935fc5} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {f3af7418-dda1-4bc0-b7c2-19ea0db4b6f5} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {f7d4cd1c-834f-423f-819e-d5e26bfc9e5b} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {f975f7ee-635a-40b3-88b8-2d86cc759208} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {fe0bf7b2-ba11-44aa-9bc6-bd58f838f9b8} - kupuhivus - Reg Error: Key error. File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/01 02:55:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/31 19:42:29 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AzMixerSel - hkey= - key= - C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: CarboniteSetupLite - hkey= - key= - C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Jackanapes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
    MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
    MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
    MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    MsConfig - StartUpReg: ISTray - hkey= - key= - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
    MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
    MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
    MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
    MsConfig - StartUpReg: PLFSetL - hkey= - key= - C:\WINDOWS\PLFSetL.exe (sonix)
    MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: seranikej - hkey= - key= - File not found
    MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig - StartUpReg: snp2uvc - hkey= - key= - File not found
    MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    MsConfig - StartUpReg: vptray - hkey= - key= - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 2
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 1

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/13 21:07:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/04/13 21:07:46 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jackanapes\Desktop\TDSSKiller.exe
    [2010/04/13 17:45:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/04/13 17:43:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/13 17:43:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/13 17:43:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/13 17:43:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/04/13 17:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/04/13 17:41:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/04/13 15:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/12 23:20:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/04/12 23:20:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/04/12 23:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/04/12 23:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/04/12 21:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackanapes\Application Data\Malwarebytes
    [2010/04/12 21:06:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/12 21:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/12 21:06:36 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/12 21:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/12 19:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2010/04/12 19:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
    [2010/04/12 19:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
    [2010/04/12 19:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/04/12 18:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC
    [2010/04/12 18:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC
    [2010/04/02 17:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/04/02 17:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackanapes\Application Data\SUPERAntiSpyware.com
    [2010/04/02 17:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/04/02 17:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/03/30 22:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/03/29 19:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/03/29 16:21:00 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/03/29 16:18:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/03/28 18:35:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
    [2010/03/28 11:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
    [2010/03/28 11:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
    [2010/03/28 11:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackanapes\WINDOWS
    [2010/03/27 18:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackanapes\Local Settings\Application Data\Symantec
    [2010/03/27 18:04:16 | 000,057,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/03/27 18:04:16 | 000,036,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/03/27 18:04:16 | 000,004,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SYMEVNT1.DLL
    [2010/03/27 18:03:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CBA
    [2010/03/27 18:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/03/27 18:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/03/27 18:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/03/27 18:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\NavNT
    [2010/03/27 15:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackanapes\Local Settings\Application Data\Mozilla
    [2010/03/27 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/03/27 15:02:46 | 008,351,672 | ---- | C] (Mozilla) -- C:\Documents and Settings\Jackanapes\Desktop\Firefox Setup 3.6.2.exe
    [2010/03/26 19:41:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/03/26 19:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/03/26 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/03/26 19:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/01/31 01:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/01/31 01:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/12/25 14:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/10/21 12:27:08 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2009/10/21 12:27:05 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2009/08/01 03:35:00 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/04/13 21:15:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/04/13 21:14:44 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/04/13 21:14:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/13 21:14:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/13 21:14:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/13 21:14:07 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/13 21:13:48 | 000,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
    [2010/04/13 21:13:32 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Jackanapes\NTUSER.DAT
    [2010/04/13 21:13:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jackanapes\ntuser.ini
    [2010/04/13 21:13:04 | 003,771,366 | -H-- | M] () -- C:\Documents and Settings\Jackanapes\Local Settings\Application Data\IconCache.db
    [2010/04/13 21:11:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/13 21:04:39 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jackanapes\Desktop\TDSSKiller.exe
    [2010/04/13 21:04:14 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Jackanapes\Desktop\TDSSKiller.zip
    [2010/04/13 18:58:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/13 18:12:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/13 18:10:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/04/13 17:45:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/04/13 17:33:53 | 003,914,375 | R--- | M] () -- C:\Documents and Settings\Jackanapes\Desktop\CFscan.exe
    [2010/04/13 17:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job
    [2010/04/13 15:48:24 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Jackanapes\Desktop\HijackThis.lnk
    [2010/04/13 15:34:48 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/13 15:34:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/04/13 15:33:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/04/12 21:07:03 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/12 18:46:56 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC.job
    [2010/04/12 18:46:38 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedyPC.lnk
    [2010/04/10 16:53:57 | 000,511,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/10 16:53:57 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/10 16:53:57 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/02 18:49:37 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wofuvizu
    [2010/04/02 17:35:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Jackanapes\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/03/31 09:40:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/29 16:20:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/03/29 16:20:50 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/03/29 16:18:49 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/03/28 17:09:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/28 16:48:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/03/27 18:21:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
    [2010/03/27 18:06:26 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/03/27 18:03:51 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/03/27 18:03:51 | 000,000,244 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/03/27 15:23:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/03/27 15:23:32 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/03/27 15:22:38 | 008,351,672 | ---- | M] (Mozilla) -- C:\Documents and Settings\Jackanapes\Desktop\Firefox Setup 3.6.2.exe
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wofuvizu
    [2010/04/13 21:14:44 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/04/13 21:04:13 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Jackanapes\Desktop\TDSSKiller.zip
    [2010/04/13 17:45:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/04/13 17:45:39 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/04/13 17:43:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/13 17:43:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/13 17:43:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/04/13 17:33:53 | 003,914,375 | R--- | C] () -- C:\Documents and Settings\Jackanapes\Desktop\CFscan.exe
    [2010/04/13 15:48:24 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\Jackanapes\Desktop\HijackThis.lnk
    [2010/04/12 23:05:45 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
    [2010/04/12 21:07:03 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/12 18:46:55 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job
    [2010/04/12 18:46:54 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC.job
    [2010/04/12 18:46:38 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedyPC.lnk
    [2010/04/02 17:35:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Jackanapes\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/03/29 16:18:49 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/03/27 18:21:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2010/03/27 18:06:26 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/03/27 18:06:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/27 18:04:16 | 000,120,379 | ---- | C] () -- C:\WINDOWS\System32\SYMEVNT.386
    [2010/03/27 18:03:49 | 000,000,244 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/03/27 15:23:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/27 15:23:32 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/02/02 18:45:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
    [2010/02/02 18:45:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2009/12/26 02:30:49 | 002,359,296 | -H-- | C] () -- C:\Documents and Settings\Jackanapes\NTUSER.DAT
    [2009/12/26 02:30:49 | 000,565,248 | -H-- | C] () -- C:\Documents and Settings\Jackanapes\ntuser.dat.LOG
    [2009/12/26 02:30:49 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Jackanapes\ntuser.ini
    [2009/12/26 02:30:37 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2009/12/26 02:30:37 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2009/10/21 12:27:08 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2009/10/21 12:27:08 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2009/10/21 12:27:08 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
    [2009/08/01 06:01:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/08/01 04:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009/08/01 02:58:22 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/08/01 02:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
    [2000/09/18 17:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL

    ========== LOP Check ==========

    [2009/08/01 05:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2010/04/12 19:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2010/04/12 19:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC
    [2010/04/13 21:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/04/13 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/29 16:18:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/08/01 05:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Acer
    [2009/08/01 05:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Acer GameZone Console
    [2010/01/08 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Braid
    [2009/12/26 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\eSobi
    [2010/01/03 21:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\runic games
    [2010/01/06 20:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Songbird2
    [2009/08/01 05:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\Super-Cow
    [2010/04/10 12:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackanapes\Application Data\uTorrent
    [2010/04/13 21:15:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/04/13 17:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Program Check.job
    [2010/04/12 18:46:56 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
    [2008/04/14 03:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
    [2008/04/14 03:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/14 03:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
    [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2008/04/15 05:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\ACER\Preload\Autorun\DRV\Intel AHCI\f6flpy64\IaStor.sys
    [2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\ACER\Preload\Autorun\DRV\Intel AHCI\f6flpy32\IaStor.sys
    [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
    [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys
    [2010/04/13 21:13:48 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys
    [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys
    [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [16 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  15. JonTPuntificate

    JonTPuntificate Thread Starter

    Joined:
    Apr 13, 2010
    Messages:
    78
    There ya go. Sorry. Scan took a while. Thank you.
     

Short URL to this thread: https://techguy.org/916674
