WiredWX Christian Hobby Weather Tools


 


Nasty Virus - Page 1

MBR log (forgot the OTL log)

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x0080001e

Kernel Drivers (total 79):
0x80400000 \i386\system32\ntoskrnl.exe
0x80615000 \i386\system32\halaacpi.dll
0xF7987000 \i386\system32\KDCOM.DLL
0xF7897000 \i386\system32\BOOTVID.dll
0xF73EC000 setupdd.sys
0xF7A4F000 \i386\system32\drivers\SPDDLANG.SYS
0xF73DB000 pci.sys
0xF73AD000 acpi.sys
0xF7989000 \i386\system32\drivers\WMILIB.SYS
0xF7487000 isapnp.sys
0xF789B000 acpiec.sys
0xF7A50000 \i386\system32\drivers\OPRGHDLR.SYS
0xF7497000 ohci1394.sys
0xF74A7000 \i386\system32\drivers\1394BUS.SYS
0xF738F000 pcmcia.sys
0xF7707000 \i386\system32\drivers\PCIIDEX.SYS
0xF74B7000 mountmgr.sys
0xF7370000 ftdisk.sys
0xF7717000 partmgr.sys
0xF7993000 dmload.sys
0xF734A000 dmio.sys
0xF74E7000 \i386\system32\drivers\CLASSPNP.SYS
0xF7A53000 amdide1.SY_
0xF7727000 usbehci.sys
0xF72F0000 \i386\system32\drivers\USBPORT.SYS
0xF772F000 usbohci.sys
0xF7507000 usbhub.sys
0xF7997000 \i386\system32\drivers\USBD.SYS
0xF7747000 \i386\system32\drivers\HIDPARSE.SYS
0xF7537000 i8042prt.sys
0xF7757000 kbdclass.sys
0xF775F000 mouclass.sys
0xF72D8000 SCSIPORT.SYS
0xF72C0000 atapi.sys
0xF78C7000 VMSCSI.SY_
0xF77BF000 VIAPDSK.SY_
0xF7193000 viamraid.SY_
0xF712C000 SISRAID4.SY_
0xF77C7000 SISRAID2.SY_
0xF6893000 ahci6xx.SY_
0xF614C000 dmboot.sys
0xF720B000 cdrom.sys
0xF71FB000 disk.sys
0xF6135000 ksecdd.sys
0xF6112000 fastfat.sys
0xF6085000 ntfs.sys
0xF71EB000 cdfs.sys
0xF6058000 ndis.sys
0xF603D000 mup.sys
0xF7A62000 \SystemRoot\System32\drivers\audstub.sys
0xF799F000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF6863000 \SystemRoot\System32\Drivers\Modem.SYS
0xF79A3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF5E71000 \SystemRoot\System32\DRIVERS\ks.sys
0xF797B000 \SystemRoot\system32\drivers\ramdriv.sys
0xF7837000 \SystemRoot\System32\drivers\vga.sys
0xBAFEC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBAFBB000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF6019000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF7A7D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7767000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7777000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAFA8000 \SystemRoot\System32\drivers\ipsec.sys
0xF79A7000 \SystemRoot\System32\Drivers\Beep.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF778F000 \SystemRoot\System32\watchdog.sys
0xF5FCC000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF7ACF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF76C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF771F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAAB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAA45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9ED000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA9CB000 \SystemRoot\system32\drivers\afd.sys
0xBA9A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF784F000 \SystemRoot\System32\drivers\usbstor.sys
0x7C900000 \I386\SYSTEM32\NTDLL.DLL

Processes (total 14):
0 System Idle Process
4 System
212 X:\I386\SYSTEM32\CSRSS.EXE
272 X:\I386\SYSTEM32\SERVICES.EXE
284 X:\I386\SYSTEM32\LSASS.EXE
400 X:\I386\SYSTEM32\SVCHOST.EXE
432 X:\I386\SYSTEM32\REATOGOLOGON.EXE
484 X:\I386\SYSTEM32\SVCHOST.EXE
1496 X:\I386\SYSTEM32\SVCHOST.EXE
1672 X:\I386\SYSTEM32\SVCHOST.EXE
1804 X:\PROGRAMS\wbload\wbload.exe
1936 X:\I386\SYSTEM32\SVCHOST.EXE
1988 X:\I386\EXPLORER.EXE
236 E:\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`da600000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542516K9SA, Rev: 1.10

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
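MBRCheck's verdict above rests on two things: the 0x55AA signature at the end of the sector and a SHA-1 of the boot-code bytes compared against a list of known-clean boot sectors, with the partition table decoded alongside so the drive-letter offsets can be reported. The script below is an added example of that check and is not MBRCheck's code. It parses a 512-byte MBR, hashes the 440-byte boot-code region, decodes the four partition entries and converts start LBAs to byte offsets the way the log prints them. The sample sector is constructed: filler boot code, a made-up disk signature, and two NTFS entries whose start LBAs reproduce the C: and D: offsets shown above (0x271100000 and 0x13DA600000). KNOWN_BOOTCODE_SHA1 is an empty placeholder meant to be filled from a trusted reference of clean boot sectors, never from the suspect machine.

```python
"""Parse a 512-byte MBR and classify its boot code by hash, as MBRCheck does.

Added example; not MBRCheck's code. Standard MBR layout:
bytes 0-439 boot code, 440-443 NT disk signature, 446-509 four 16-byte
partition entries, 510-511 the 0x55AA signature. The sample sector is
CONSTRUCTED (see constructed_sample_mbr). KNOWN_BOOTCODE_SHA1 is an empty
placeholder to be filled from a trusted reference, never from the suspect disk.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440
DISK_SIG_OFF = 440
PTABLE_OFF = 446
MBR_SIGNATURE = b"\x55\xaa"

# Placeholder: SHA-1 (upper-case hex) of boot code known to be clean.
KNOWN_BOOTCODE_SHA1: set = set()


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck's "\\.\C: --> \\.\PhysicalDrive0 at offset 0x..." is LBA * 512.
        return self.start_lba * SECTOR


@dataclass(frozen=True)
class MbrReport:
    valid_signature: bool
    bootcode_sha1: str
    bootcode_known: bool
    disk_signature: int
    partitions: list


def parse_mbr(sector: bytes, known: set = KNOWN_BOOTCODE_SHA1) -> MbrReport:
    """Decode one MBR sector; raise on wrong length, never on odd content."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    digest = hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        entry = sector[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, start_lba, count = struct.unpack("<B3xB3xII", entry)
        if type_id == 0:          # empty slot
            continue
        partitions.append(Partition(i, status == 0x80, type_id, start_lba, count))
    return MbrReport(sector[510:512] == MBR_SIGNATURE, digest, digest in known,
                     disk_sig, partitions)


def verdict(report: MbrReport) -> str:
    """One-line status in the spirit of MBRCheck's 'MBR Status' column."""
    if not report.valid_signature:
        return "Invalid MBR signature"
    return "Known boot code" if report.bootcode_known else "Unknown MBR code"


def _entry(bootable: bool, type_id: int, start_lba: int, count: int) -> bytes:
    # CHS fields set to 0xFFFFFF, as LBA-era tools do.
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xff" * 3,
                       type_id, b"\xff" * 3, start_lba, count)


def constructed_sample_mbr() -> bytes:
    """CONSTRUCTED sector for the example; the boot code is 'jmp $' plus NOPs."""
    bootcode = b"\xeb\xfe" + b"\x90" * (BOOTCODE_LEN - 2)
    c_start = 0x271100000 // SECTOR       # 20482048, from the C: offset in the log
    d_start = 0x13DA600000 // SECTOR      # 166539264, from the D: offset in the log
    table = (_entry(True, 0x07, c_start, d_start - c_start)    # C:, NTFS, active
             + _entry(False, 0x07, d_start, 146_000_000)       # D:, NTFS (size made up)
             + bytes(32))                                      # two empty slots
    sector = (bootcode + struct.pack("<I", 0x12345678) + b"\x00\x00"
              + table + MBR_SIGNATURE)
    assert len(sector) == SECTOR
    return sector


if __name__ == "__main__":
    # For a real dump (MBRCheck option [1]) use: sector = open("mbr.bin", "rb").read(512)
    report = parse_mbr(constructed_sample_mbr())
    print(f"SHA1: {report.bootcode_sha1}  -> {verdict(report)}")
    for p in report.partitions:
        print(f"  entry {p.index}: type 0x{p.type_id:02X} "
              f"{'active' if p.bootable else 'inactive'} "
              f"offset 0x{p.byte_offset:X} ({p.sectors * SECTOR / 2**30:.2f} GiB)")
```

Two points the code makes explicit. "Unknown MBR code" is a whitelist miss, not a malware detection: OEM recovery loaders (the Acer eRecovery int15.sys driver in the OTL log below points to exactly that kind of setup) legitimately replace the Microsoft boot code, so the hash should be compared against the vendor's clean image before anyone restores a "standard" MBR. And the partition table is what turns a hash into something actionable: the C: entry constructed here covers 146057216 sectors, which is the 69.65 GB OTL reports for drive C:, so a real dump whose table disagrees with the mounted volumes is itself a finding.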




________________________________________________________________


OTL log

OTL logfile created on: 7/4/2011 4:06:06 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 28.72 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
Drive E: | 69.64 Gb Total Space | 65.68 Gb Free Space | 94.32% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/07/02 00:42:50 | 000,588,672 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand] -- C:\Users\musicmatt\AppData\Local\Temp\PRWXOUZX.exe -- (PRWXOUZX)
SRV - [2011/06/28 17:58:38 | 000,062,928 | R--- | M] () [Auto] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/06/06 12:55:28 | 000,059,392 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] () [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/21 16:09:24 | 000,052,664 | ---- | M] () [Disabled] -- C:\Program Files\Tether\TBService.exe -- (Tether)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Disabled] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Disabled] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 19:54:36 | 000,112,128 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxdecoms.exe -- (lxde_device)
SRV - [2007/05/29 16:06:44 | 000,099,248 | ---- | M] () [Auto] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (ute3mty1)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
DRV - [2011/06/29 04:02:44 | 000,070,144 | ---- | M] () [Kernel | On_Demand] -- C:\Users\musicmatt\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/18 10:53:18 | 000,045,608 | ---- | M] (Tether) [Kernel | On_Demand] -- C:\Windows\System32\drivers\qrkis.sys -- (qrkis)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/03/10 02:58:40 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/03 11:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/04/03 14:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 20:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007/03/09 18:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/30 15:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\musicmatt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\musicmatt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.jzip.com
IE - HKU\musicmatt_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\musicmatt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





O1 HOSTS File: ([2011/04/12 23:26:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\musicmatt_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\musicmatt_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [lxdeamon] C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
O4 - HKLM..\Run: [lxdemon.exe] C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\musicmatt_ON_C..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\musicmatt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 205.152.128.23 205.152.37.23
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 03:58:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/02 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/07/02 02:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/02 02:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\facemoods.com
[2011/07/02 02:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2011/07/02 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Local\Ilivid Player
[2011/07/02 02:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/07/02 02:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/07/02 01:22:52 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/07/02 00:07:12 | 000,000,000 | --SD | C] -- C:\nchost31914n
[2011/07/02 00:06:29 | 000,000,000 | --SD | C] -- C:\nchost30408n
[2011/06/30 23:13:23 | 000,000,000 | --SD | C] -- C:\nchost26863n
[2011/06/30 22:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/30 18:38:58 | 000,000,000 | --SD | C] -- C:\nchost22291n
[2011/06/30 14:34:33 | 000,000,000 | --SD | C] -- C:\nchost3682n
[2011/06/30 14:20:31 | 000,000,000 | --SD | C] -- C:\nchost17059n
[2011/06/30 14:19:58 | 000,000,000 | --SD | C] -- C:\nchost
[2011/06/30 14:09:25 | 004,130,507 | R--- | C] (Swearware) -- C:\Users\musicmatt\Desktop\nchost.exe
[2011/06/30 13:54:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/30 13:54:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/30 13:54:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/30 13:54:26 | 000,000,000 | --SD | C] -- C:\Commy8405C
[2011/06/30 13:53:57 | 000,000,000 | --SD | C] -- C:\Commy31465C
[2011/06/30 13:53:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/30 13:53:11 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/29 22:42:22 | 000,000,000 | --SD | C] -- C:\Commy
[2011/06/29 04:11:19 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\f-secure
[2011/06/29 04:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/06/29 04:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/29 03:20:26 | 000,000,000 | ---D | C] -- C:\Windows\TempBC33A0E8-0AC2-22D1-303C-C46234BCB4E2-Signatures
[2011/06/29 03:19:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/29 02:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/29 02:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/06/29 02:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/29 02:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/06/29 02:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/29 02:49:00 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/29 02:45:03 | 000,015,872 | ---- | C] (VIA Technologies) -- C:\Windows\System32\drivers\1206856434.sys
[2011/06/29 01:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/28 17:58:32 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/06/28 17:58:30 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/06/28 17:58:30 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/06/28 17:58:30 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/06/28 17:58:30 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/06/28 17:58:30 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/06/28 17:58:28 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/06/28 17:58:28 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/06/28 17:58:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/06/28 17:58:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/06/28 17:58:28 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/06/28 17:58:26 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/06/24 02:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\WXWarning
[2011/06/24 02:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\WXSpots
[2011/06/22 21:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(7)
[2011/06/22 21:27:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/22 21:27:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/22 21:27:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/22 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\Desktop\camera
[2011/06/22 01:03:24 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\Weather Defender
[2011/06/20 15:40:59 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\FileZilla
[2011/06/20 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/06/20 15:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/06/20 15:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Scanner Recorder
[2011/06/18 23:22:23 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Local\Apple Computer
[2011/06/18 23:22:11 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\Apple Computer
[2011/06/18 11:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/18 03:07:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/18 03:07:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/18 03:07:14 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/18 03:07:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/16 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Interbank FX Trader 4
[2011/06/16 23:24:51 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2011/06/15 20:12:51 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\SpotterNetwork
[2011/06/15 20:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotter Network
[2011/06/15 20:07:48 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm50.dll
[2011/06/15 20:07:48 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msinet.ocx
[2011/06/15 20:07:42 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbar332.dll
[2011/06/15 20:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpotterNetwork
[2011/06/15 20:07:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005
[2011/06/15 20:07:40 | 001,376,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004
[2011/06/15 20:07:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003
[2011/06/15 20:07:39 | 000,569,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2011/06/15 20:07:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2011/06/15 20:07:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002
[2011/06/15 01:02:57 | 000,000,000 | ---D | C] -- C:\Users\musicmatt\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/06/15 01:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2011/06/09 14:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/09 14:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/09 14:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/06/05 12:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/04/01 15:25:51 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdehcp.dll
[2011/01/16 16:17:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/05/29 12:08:10 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdeih.exe
[2007/05/29 12:07:58 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdecoms.exe
[2007/05/29 12:07:48 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdecfg.exe
[2007/05/17 17:08:58 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2007/05/17 17:06:40 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2007/05/17 17:00:32 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2007/05/17 17:00:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
[2007/05/17 17:00:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2007/05/17 16:59:34 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2007/05/17 16:57:52 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2007/05/17 16:56:56 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2007/05/17 16:52:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2007/05/17 16:51:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 14:53:37 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/07/04 14:49:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 14:49:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 14:49:21 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 14:49:08 | 1877,065,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 13:01:37 | 000,656,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/04 13:01:37 | 000,123,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/04 12:57:36 | 000,000,782 | ---- | M] () -- C:\Users\musicmatt\Desktop\fix.bat
[2011/07/04 12:57:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 12:12:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-880227785-1377843364-700853731-1003UA.job
[2011/07/04 05:05:05 | 179,362,107 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/03 21:12:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-880227785-1377843364-700853731-1003Core.job
[2011/07/02 15:53:02 | 000,000,858 | ---- | M] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Virtual DJ Pro.lnk
[2011/07/02 00:06:54 | 004,130,507 | R--- | M] (Swearware) -- C:\Users\musicmatt\Desktop\nchost.exe
[2011/07/02 00:04:17 | 000,000,894 | ---- | M] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/29 17:15:30 | 000,000,072 | ---- | M] () -- C:\Users\musicmatt\Desktop\gwrra.sc.t.url
[2011/06/29 17:14:36 | 000,000,072 | ---- | M] () -- C:\Users\musicmatt\Desktop\kf4nxs.url
[2011/06/29 17:13:34 | 000,000,078 | ---- | M] () -- C:\Users\musicmatt\Desktop\whenpigsflypro.url
[2011/06/29 13:21:06 | 000,002,713 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2011/06/29 04:08:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/29 03:30:55 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/29 03:27:36 | 000,001,772 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/29 03:19:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/29 03:18:33 | 000,395,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/29 02:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/29 02:45:03 | 000,015,872 | ---- | M] (VIA Technologies) -- C:\Windows\System32\drivers\1206856434.sys
[2011/06/29 01:47:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/28 17:58:32 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/06/28 17:58:30 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/06/28 17:58:30 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/06/28 17:58:30 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/06/28 17:58:30 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/06/28 17:58:30 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/06/28 17:58:28 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/06/28 17:58:28 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/06/28 17:58:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/06/28 17:58:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/06/28 17:58:28 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/06/28 17:58:26 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/06/26 21:44:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRLevelX
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/21 03:07:50 | 000,000,196 | ---- | M] () -- C:\Windows\System32\~.inf
[2011/06/21 03:07:22 | 004,212,452 | ---- | M] () -- C:\Users\musicmatt\Desktop\United_States_Frequency_Allocations_Chart_2003_-_The_Radio_Spectrum.jpg
[2011/06/20 15:40:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/06/20 15:38:31 | 000,001,888 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scanner Recorder.lnk
[2011/06/18 11:58:36 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/16 23:25:09 | 000,001,499 | ---- | M] () -- C:\Users\musicmatt\Desktop\Interbank FX Trader 4.lnk
[2011/06/16 15:37:26 | 000,000,066 | ---- | M] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chasing the Southeast.url
[2011/06/15 20:08:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotter Network
[2011/06/15 20:07:56 | 000,001,620 | ---- | M] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spotter Network.lnk
[2011/06/15 01:02:53 | 000,000,738 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweetDeck.lnk
[2011/06/15 01:02:53 | 000,000,726 | ---- | M] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TweetDeck.lnk
[2011/06/12 05:46:03 | 000,001,356 | ---- | M] () -- C:\Users\musicmatt\AppData\Local\d3d9caps.dat
[2011/06/09 14:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/06 18:11:35 | 000,000,258 | ---- | M] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/05 12:01:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/04 12:57:36 | 000,000,782 | ---- | C] () -- C:\Users\musicmatt\Desktop\fix.bat
[2011/07/02 15:53:02 | 000,000,858 | ---- | C] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Virtual DJ Pro.lnk
[2011/06/30 13:54:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/30 13:54:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/30 13:54:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/30 13:54:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/30 13:54:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/29 23:06:55 | 1877,065,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/29 22:55:57 | 179,362,107 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/29 17:15:30 | 000,000,072 | ---- | C] () -- C:\Users\musicmatt\Desktop\gwrra.sc.t.url
[2011/06/29 17:14:18 | 000,000,072 | ---- | C] () -- C:\Users\musicmatt\Desktop\kf4nxs.url
[2011/06/29 17:13:34 | 000,000,078 | ---- | C] () -- C:\Users\musicmatt\Desktop\whenpigsflypro.url
[2011/06/29 03:27:36 | 000,001,772 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/21 03:08:03 | 004,212,452 | ---- | C] () -- C:\Users\musicmatt\Desktop\United_States_Frequency_Allocations_Chart_2003_-_The_Radio_Spectrum.jpg
[2011/06/20 15:38:31 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scanner Recorder.lnk
[2011/06/18 11:58:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/16 23:25:09 | 000,001,499 | ---- | C] () -- C:\Users\musicmatt\Desktop\Interbank FX Trader 4.lnk
[2011/06/16 14:41:49 | 000,000,066 | ---- | C] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chasing the Southeast.url
[2011/06/15 20:07:56 | 000,001,620 | ---- | C] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spotter Network.lnk
[2011/06/15 01:02:53 | 000,000,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweetDeck.lnk
[2011/06/15 01:02:53 | 000,000,726 | ---- | C] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TweetDeck.lnk
[2011/06/06 18:11:35 | 000,000,258 | ---- | C] () -- C:\Users\musicmatt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/06 14:00:10 | 000,246,094 | ---- | C] () -- C:\Users\musicmatt\AppData\Local\census.cache
[2011/05/06 13:59:50 | 000,182,006 | ---- | C] () -- C:\Users\musicmatt\AppData\Local\ars.cache
[2011/05/06 13:48:06 | 000,000,036 | ---- | C] () -- C:\Users\musicmatt\AppData\Local\housecall.guid.cache
[2011/04/24 15:15:00 | 000,098,816 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[2011/04/01 15:25:51 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdeinst.dll
[2011/03/29 20:45:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/03/29 19:33:19 | 000,580,096 | ---- | C] () -- C:\Windows\System32\lame.exe
[2011/03/29 19:33:19 | 000,496,640 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/03/29 19:33:19 | 000,307,200 | ---- | C] () -- C:\Windows\System32\Mp3Ctrl.dll
[2011/03/29 19:33:19 | 000,131,176 | ---- | C] () -- C:\Windows\System32\mp3gain.exe
[2011/03/29 19:33:19 | 000,086,016 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2011/03/29 16:56:23 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/03/29 16:24:12 | 000,000,416 | ---- | C] () -- C:\ProgramData\lxde
[2011/03/13 23:05:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/21 04:51:26 | 000,001,356 | ---- | C] () -- C:\Users\musicmatt\AppData\Local\d3d9caps.dat
[2011/01/19 04:43:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/19 04:43:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/18 02:15:50 | 000,669,002 | ---- | C] () -- C:\Windows\unins000.exe
[2011/01/18 02:15:50 | 000,001,103 | ---- | C] () -- C:\Windows\unins000.dat
[2011/01/17 22:23:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/17 02:56:42 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/01/16 23:26:26 | 000,027,648 | ---- | C] () -- C:\Users\musicmatt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/16 23:15:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2011/01/16 23:15:44 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2011/01/16 18:44:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011/01/16 18:44:22 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/16 18:44:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/01/16 18:44:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2011/01/16 17:51:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/16 17:12:37 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/01/16 17:12:36 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/01/16 16:17:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2011/01/16 16:17:04 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2011/01/16 16:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2008/03/30 02:41:02 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/29 23:28:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/03/29 23:28:21 | 000,192,816 | ---- | C] () -- C:\Windows\System32\drivers\SynTP.sys
[2008/03/29 23:28:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/03/29 23:28:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/03/29 23:28:05 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008/03/29 22:51:04 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/29 22:51:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007/05/28 01:02:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2007/05/24 16:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdedrs.dll
[2007/05/22 10:09:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdecaps.dll
[2007/05/03 18:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2007/04/17 10:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdecnv4.dll
[2006/11/02 08:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,395,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,656,214 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,123,536 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/01 04:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdevs.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/06/29 01:15:37 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\.purple
[2011/01/16 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Acer
[2011/03/05 21:12:14 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Audacity
[2011/06/29 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\BitTorrent
[2011/05/06 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\DriverCure
[2011/06/29 04:11:19 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\f-secure
[2011/06/29 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\FileZilla
[2011/04/22 18:53:39 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\GetRightToGo
[2011/06/27 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\GRLevel3
[2011/06/16 22:09:08 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\gtk-2.0
[2011/01/16 16:21:58 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Leadertech
[2011/03/13 23:20:33 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Leawo
[2011/04/25 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Lexmark Productivity Studio
[2011/03/13 23:20:37 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Moyea
[2011/01/18 03:31:26 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\OpenOffice.org
[2011/05/06 00:07:34 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\ParetoLogic
[2011/01/16 22:08:06 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\PCDJ
[2011/01/16 21:21:34 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Shareaza
[2011/05/10 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Sony
[2011/05/10 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Sony Setup
[2011/06/24 02:33:23 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\SpotterNetwork
[2011/04/12 14:47:34 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\SumatraPDF
[2011/04/27 12:38:04 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\TeamViewer
[2011/04/08 10:40:13 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Tether
[2011/06/15 01:02:57 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/05/06 02:00:49 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Uniblue
[2011/06/29 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\uTorrent
[2011/06/24 02:18:26 | 000,000,000 | ---D | M] -- C:\Users\musicmatt\AppData\Roaming\Weather Defender
[2011/05/05 11:59:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/07/02 15:51:59 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/04/24 21:53:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Digital Entertainer
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/06/29 04:10:39 | 000,000,000 | ---D | M] -- C:\ProgramData\F-Secure
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/03/13 23:07:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Leawo
[2011/05/09 12:36:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats
[2011/01/17 15:07:30 | 000,000,000 | ---D | M] -- C:\ProgramData\musicmatt
[2011/05/06 00:50:26 | 000,000,000 | ---D | M] -- C:\ProgramData\ParetoLogic
[2011/01/16 22:08:03 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDJ
[2011/05/10 18:19:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/06/29 03:03:48 | 000,000,000 | ---D | M] -- C:\ProgramData\STOPzilla!
[2011/06/27 15:00:46 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/06 02:00:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2008/03/29 23:11:48 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/07/04 14:53:17 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGRSMSVC.EXE >
[2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) MD5=39E435C90C9C4F780FA0ED05CA3C3A1B -- C:\Windows\System32\agrsmsvc.exe
[2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) MD5=39E435C90C9C4F780FA0ED05CA3C3A1B -- C:\Windows\System32\DriverStore\FileRepository\agrmdv32.inf_0ddf652a\agrsmsvc.exe

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: ATI2EVXX.EXE >
[2008/03/10 01:59:02 | 000,655,360 | ---- | M] (ATI Technologies Inc.) MD5=B886D349AFAD502DE4F6EA0C64B1CC4D -- C:\Windows\System32\Ati2evxx.exe
[2008/03/10 01:59:02 | 000,655,360 | ---- | M] (ATI Technologies Inc.) MD5=B886D349AFAD502DE4F6EA0C64B1CC4D -- C:\Windows\System32\DriverStore\FileRepository\cl_61295.inf_f4ec1680\B_60953\Ati2evxx.exe

< MD5 for: DFSC.SYS >
[2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=218D8AE46C88E82014F5D73D0236D9B2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys
[2011/04/14 10:36:03 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=3A3436F7DFE0E0C58CD5C3B6C9F21634 -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/14 10:36:03 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=3A3436F7DFE0E0C58CD5C3B6C9F21634 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys
[2011/04/14 10:36:03 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=3A3436F7DFE0E0C58CD5C3B6C9F21634 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
[2008/01/20 22:24:55 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=9E635AE5E8AD93E2B5989E2E23679F97 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys
[2011/04/14 10:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=A3E9FA213F443AC77C7746119D13FEEC -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys
[2011/04/13 09:22:40 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=E20FB30D720810646ED24FB7CA9899A2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys

< MD5 for: LXDECOMS.EXE >
[2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) MD5=626CF4DB8FF93DF819A6FF479F8086C4 -- C:\Windows\System32\config\systemprofile\{4a452778-f0bb-4a38-940c-1cc99117d899}\i386\lxdecoms.exe
[2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) MD5=626CF4DB8FF93DF819A6FF479F8086C4 -- C:\Windows\System32\config\systemprofile\{f48ced33-c68e-430f-80ed-9a2ea4ef228f}\i386\lxdecoms.exe
[2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) MD5=626CF4DB8FF93DF819A6FF479F8086C4 -- C:\Windows\System32\DriverStore\FileRepository\lxdeprc.inf_7b84dc0b\i386\lxdecoms.exe
[2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) MD5=626CF4DB8FF93DF819A6FF479F8086C4 -- C:\Windows\System32\lxdecoms.exe
[2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) MD5=626CF4DB8FF93DF819A6FF479F8086C4 -- C:\Windows\System32\spool\drivers\w32x86\{2C4DFD08-EF95-4C6A-9F2A-885FB012BA44}\i386\lxdecoms.exe
[2007/05/29 16:07:58 | 000,598,960 | ---- | M] ( ) MD5=626CF4DB8FF93DF819A6FF479F8086C4 -- C:\Windows\System32\spool\drivers\w32x86\{E94154B4-8774-497D-9EEC-81A38EA9F76A}\i386\lxdecoms.exe

< MD5 for: MSCORSVW.EXE >
[2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) MD5=31A71C94C8DD415B1C6A90BEE470F727 -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) MD5=8EE772032E2FE80A924F3B8DD5082194 -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) MD5=8EE772032E2FE80A924F3B8DD5082194 -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_1fd1ab49e8ca6ebb\mscorsvw.exe
[2008/01/20 22:24:55 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=A4AF4201BD519971F8F34724F3CA9DBB -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18000_none_1ff6260de878daa7\mscorsvw.exe
[2006/11/02 02:34:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=D3BF342F47996E18490970FCFB8126A8 -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_2021a451e82131db\mscorsvw.exe
[2008/07/27 14:00:25 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D87ACAED61E417BBA546CED5E7E36D9C -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16720_none_201c2ab5e826014f\mscorsvw.exe
[2008/07/27 13:55:53 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D87ACAED61E417BBA546CED5E7E36D9C -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.20883_none_0954415a01c84642\mscorsvw.exe
[2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D87ACAED61E417BBA546CED5E7E36D9C -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18111_none_1ff70f6be8780df0\mscorsvw.exe
[2008/07/27 13:58:33 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D87ACAED61E417BBA546CED5E7E36D9C -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.22230_none_092b8008021d8703\mscorsvw.exe

< MD5 for: NDIS.SYS >
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/20 22:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_1VPTV9VVMVFBVLVHKV6FYJ6VDVPMF7LBWK96HUTVVVVKVVBVLVV5
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_1VPTV9VVMVFBVLVHKV6FYJ6VDVPMF7LBWK96HUTVVVVKVVBVLVV5
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:53829683
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92
< End of report >

Re: Nasty Virus

OK!
Our fix.bat has done its work. We need to do that for one more file.

Create another fix.bat with these contents:
copy C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
pause


Run that on the infected machine from the REATOGO-X-PE desktop. It should run without error.

After this we are ready to try and boot to normal. We have cleaned up a number of infections in system files, hopefully our system will be more responsive now to our tools.

If you still have combofix on your desktop, please delete it.

Please visit this webpage to download ComboFix again and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.
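The fix above relies on the same cross-check the OTL "< MD5 for: ... >" custom scan in the log supports: a live system file whose hash also appears in an OS-managed reference copy (winsxs, DriverStore, ERDNT\cache) is corroborated, one with no such match deserves a closer look. The following Python script is an added example, not part of this thread or of OTL; the line regex follows the format seen in the log, the choice of reference directories is my assumption, and the sample input is a few entries copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few "< MD5 for: ... >" lines copied from the
# OTL custom-scan section posted above (the full log has more blocks).
SAMPLE_LOG = r"""
< MD5 for: MSCORSVW.EXE >
[2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) MD5=31A71C94C8DD415B1C6A90BEE470F727 -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) MD5=8EE772032E2FE80A924F3B8DD5082194 -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) MD5=8EE772032E2FE80A924F3B8DD5082194 -- C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_1fd1ab49e8ca6ebb\mscorsvw.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL entry: [stamp | size | attrs | C/M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| [CM]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumed set of directories holding OS-managed reference copies of system files.
BACKUP_MARKERS = ("\\winsxs\\", "\\driverstore\\", "\\erdnt\\")


@dataclass(frozen=True)
class Entry:
    name: str
    stamp: str
    size: int
    company: str
    md5: str
    path: str

    @property
    def is_backup(self) -> bool:
        low = self.path.lower()
        return any(m in low for m in BACKUP_MARKERS)


def parse_md5_blocks(text: str) -> dict:
    """Parse OTL '< MD5 for: NAME >' blocks into {NAME: [Entry, ...]}."""
    blocks: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name")
            blocks.setdefault(current, [])
            continue
        e = ENTRY_RE.match(line)
        if e and current is not None:
            blocks[current].append(Entry(
                name=current,
                stamp=e.group("stamp"),
                size=int(e.group("size").replace(",", "")),
                company=e.group("company").strip(),
                md5=e.group("md5").upper(),
                path=e.group("path"),
            ))
    return blocks


@dataclass(frozen=True)
class Finding:
    name: str
    path: str
    md5: str
    matching_backups: tuple  # reference-copy paths whose MD5 equals the live copy's


def check_live_copies(blocks: dict) -> list:
    """For every live (non-reference) copy, list reference copies with the same MD5."""
    findings = []
    for name, entries in blocks.items():
        backups = [e for e in entries if e.is_backup]
        for live in entries:
            if live.is_backup:
                continue
            same = tuple(b.path for b in backups if b.md5 == live.md5)
            findings.append(Finding(name, live.path, live.md5, same))
    return findings


def uncorroborated(findings: list) -> list:
    """Live copies whose hash matches no reference copy. This flags files for a
    second look; it is not proof of tampering, since a component may simply
    have no winsxs or ERDNT copy (the v4 .NET mscorsvw.exe above is one case)."""
    return [f for f in findings if not f.matching_backups]


if __name__ == "__main__":
    result = check_live_copies(parse_md5_blocks(SAMPLE_LOG))
    for f in result:
        status = (f"backed by {len(f.matching_backups)} reference copy(ies)"
                  if f.matching_backups else "NO matching reference copy")
        print(f"{f.name}: {f.path}\n    MD5={f.md5} -> {status}")
```

Run against a full OTL log, the output lists every live copy under each scanned name with the reference copies that share its hash, so a patched system file shows up as a live copy with no match while an unmodified one shows its winsxs or ERDNT twin.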

combo fix

ComboFix 11-07-04.02 - musicmatt 07/05/2011 10:22:34.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.941 [GMT -4:00]
Running from: c:\users\musicmatt\Downloads\Commy.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\users\musicmatt\AppData\Roaming\Microsoft\Windows\Recent\Archive created by free jZip.url
c:\windows\system32\~.inf
c:\windows\system32\c_03600.nls
c:\windows\system32\config\qnbwvoto
c:\windows\system32\drivers\1206856434.sys
c:\windows\system32\zip32.dll
.
Infected copy of c:\windows\system32\DRIVERS\SynTP.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 14:33 . 2011-07-05 14:35 -------- d-----w- c:\users\musicmatt\AppData\Local\temp
2011-07-05 14:33 . 2011-07-05 14:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-05 14:33 . 2011-07-05 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 14:18 . 2007-09-07 19:56 192816 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-07-04 07:58 . 2011-07-04 07:58 -------- d-----w- C:\_OTL
2011-07-02 19:51 . 2011-07-02 19:51 -------- d-----w- c:\programdata\boost_interprocess
2011-07-02 06:33 . 2011-07-02 06:33 -------- d-----w- c:\program files\DealPly
2011-07-02 06:30 . 2011-07-02 06:30 -------- d-----w- c:\users\musicmatt\AppData\Local\Ilivid Player
2011-07-02 06:29 . 2011-07-02 07:53 -------- d-----w- c:\program files\iLivid
2011-07-02 06:29 . 2011-07-02 06:29 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-07-02 05:22 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-01 02:41 . 2011-07-01 02:41 -------- d-----w- c:\program files\ESET
2011-06-30 18:19 . 2011-06-30 18:20 -------- d-----w- C:\nchost
2011-06-30 17:53 . 2011-06-30 17:53 -------- d-----w- C:\ComboFix
2011-06-30 02:42 . 2011-06-30 02:43 -------- d-----w- C:\Commy
2011-06-29 08:11 . 2011-06-29 08:11 -------- d-----w- c:\users\musicmatt\AppData\Roaming\f-secure
2011-06-29 08:10 . 2011-06-29 08:10 -------- d-----w- c:\programdata\F-Secure
2011-06-29 07:27 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D411D8D-1796-4E8E-8120-CC1D98E749FC}\mpengine.dll
2011-06-29 07:20 . 2011-06-29 07:20 -------- d-----w- c:\windows\TempBC33A0E8-0AC2-22D1-303C-C46234BCB4E2-Signatures
2011-06-29 07:19 . 2011-06-29 07:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-29 06:56 . 2011-06-29 06:56 -------- d-----w- c:\program files\STOPzilla!
2011-06-29 06:56 . 2011-06-29 07:03 -------- d-----w- c:\programdata\STOPzilla!
2011-06-29 06:56 . 2011-06-29 06:56 -------- d-----w- c:\program files\Common Files\iS3
2011-06-29 06:49 . 2011-06-29 06:49 388096 ----a-r- c:\users\musicmatt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-29 06:49 . 2011-06-29 06:49 -------- d-----w- c:\program files\Trend Micro
2011-06-29 05:47 . 2011-06-29 05:47 -------- d-----w- c:\program files\CCleaner
2011-06-28 22:06 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 21:58 . 2011-06-28 21:58 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-06-28 21:58 . 2011-06-28 21:58 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-06-28 21:58 . 2011-06-28 21:58 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-06-28 21:58 . 2011-06-28 21:58 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-06-28 21:58 . 2011-06-28 21:58 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-06-28 21:58 . 2011-06-28 21:58 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-06-28 21:58 . 2011-06-28 21:58 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-06-28 21:58 . 2011-06-28 21:58 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-06-28 21:58 . 2011-06-28 21:58 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-06-28 21:58 . 2011-06-28 21:58 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-06-28 21:58 . 2011-06-28 21:58 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-06-28 21:58 . 2011-06-28 21:58 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-06-24 06:23 . 2011-06-24 06:37 -------- d-----w- c:\program files\WXWarning
2011-06-24 06:23 . 2011-06-24 06:36 -------- d-----w- c:\program files\WXSpots
2011-06-23 01:28 . 2011-06-23 01:28 -------- d-----w- c:\program files\Common Files\Java(7)
2011-06-22 05:03 . 2011-06-24 06:18 -------- d-----w- c:\users\musicmatt\AppData\Roaming\Weather Defender
2011-06-20 19:40 . 2011-06-29 06:24 -------- d-----w- c:\users\musicmatt\AppData\Roaming\FileZilla
2011-06-20 19:40 . 2011-06-20 19:40 -------- d-----w- c:\program files\FileZilla FTP Client
2011-06-20 19:38 . 2011-06-20 19:38 -------- d-----w- c:\program files\Scanner Recorder
2011-06-19 03:22 . 2011-06-19 03:22 -------- d-----w- c:\users\musicmatt\AppData\Local\Apple Computer
2011-06-19 03:22 . 2011-06-19 03:22 -------- d-----w- c:\users\musicmatt\AppData\Roaming\Apple Computer
2011-06-18 15:58 . 2011-06-18 15:58 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-18 07:07 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-18 07:07 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-18 07:07 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 11:11 . 2011-04-14 14:36 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 11:11 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 11:11 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 11:11 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 11:11 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 11:11 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 11:11 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 11:11 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 11:11 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 11:11 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-17 03:24 . 2011-06-17 05:12 -------- d-----w- C:\InterbankFX_1-Click
2011-06-16 00:12 . 2011-06-24 06:33 -------- d-----w- c:\users\musicmatt\AppData\Roaming\SpotterNetwork
2011-06-16 00:07 . 2004-03-09 04:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2011-06-16 00:07 . 2001-08-23 04:00 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2011-06-16 00:07 . 2011-06-16 00:08 -------- d-----w- c:\program files\SpotterNetwork
2011-06-16 00:07 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-16 00:07 . 2001-08-23 11:00 65024 ----a-w- c:\windows\system32\temp.005
2011-06-16 00:07 . 2006-11-02 08:46 1376528 ----a-w- c:\windows\system32\temp.004
2011-06-16 00:07 . 2001-08-23 11:00 17920 ----a-w- c:\windows\system32\temp.003
2011-06-16 00:07 . 2001-08-23 11:00 77824 ----a-w- c:\windows\system32\temp.002
2011-06-16 00:07 . 2001-08-23 11:00 569344 ----a-w- c:\windows\system32\temp.000
2011-06-16 00:07 . 2001-08-23 11:00 106496 ----a-w- c:\windows\system32\temp.001
2011-06-15 05:02 . 2011-06-15 05:02 -------- d-----w- c:\users\musicmatt\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-06-15 05:02 . 2011-06-15 05:02 -------- d-----w- c:\program files\TweetDeck
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-06-09 18:38 . 2011-06-09 18:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-06-09 18:37 . 2011-06-09 18:38 -------- d-----w- c:\program files\QuickTime
2011-06-09 18:37 . 2011-06-09 18:37 -------- d-----w- c:\programdata\Apple Computer
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 16:07 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 07:07 . 2011-04-18 16:14 96626003 ----a-w- c:\windows\system32\~.tmp
2011-06-07 15:55 . 2011-05-08 08:56 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 13:11 . 2011-04-13 10:32 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-04-13 10:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 16:32 . 2011-05-09 16:32 917577 ----a-w- c:\programdata\SPLB026.tmp
2011-04-27 19:25 . 2011-04-27 19:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-22 18:14 . 2011-04-22 18:14 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-22 18:14 . 2011-04-22 18:14 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-22 18:14 . 2011-04-22 18:14 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-22 18:14 . 2011-04-22 18:14 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-22 18:14 . 2011-04-22 18:14 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-22 18:14 . 2011-04-22 18:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-22 18:14 . 2011-04-22 18:14 367104 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:14 . 2011-04-22 18:14 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 18:14 . 2011-04-22 18:14 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-22 18:14 . 2011-04-22 18:14 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:14 . 2011-04-22 18:14 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-22 18:14 . 2011-04-22 18:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-22 18:14 . 2011-04-22 18:14 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-22 18:14 . 2011-04-22 18:14 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-22 18:14 . 2011-04-22 18:14 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-22 18:14 . 2011-04-22 18:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-22 18:14 . 2011-04-22 18:14 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-22 18:14 . 2011-04-22 18:14 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-22 18:14 . 2011-04-22 18:14 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-18 17:18 . 2011-04-18 17:18 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 17:18 . 2011-04-18 17:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-04-14 09:07 . 2011-01-17 20:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 03:10 . 2011-04-13 03:10 1307647 ----a-w- c:\programdata\SPLE0CC.tmp
2011-04-13 02:46 . 2011-04-13 02:46 3425131 ----a-w- c:\programdata\SPL5D71.tmp
2011-04-11 07:04 . 2011-05-07 05:16 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B409AE95-DECB-41AB-9F47-7E6974A33CE3}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-03-16 11:59 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
2011-06-06 12:20 78600 ----a-w- c:\program files\DealPly\DealPlyIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-03-16 81920]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 07:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 249856]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datamngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-11-19 22:15 583016 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2011-03-24 07:11 167936 ----a-w- c:\program files\Freecorder 5\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-16 20:57 136176 ----atw- c:\users\musicmatt\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 17:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 19:23 81920 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\MUSICM~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4059.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 PRWXOUZX;PRWXOUZX;c:\users\MUSICM~1\AppData\Local\Temp\PRWXOUZX.exe [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2010-05-18 45608]
R3 ute3mty1;AVZ Kernel Driver;c:\windows\system32\Drivers\ute3mty1.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 Tether;Tether;c:\program files\Tether\TBService.exe [2010-09-21 52664]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-03 35712]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 59392]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 20:57]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 20:57]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-880227785-1377843364-700853731-1003Core.job
- c:\users\musicmatt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 20:57]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-880227785-1377843364-700853731-1003UA.job
- c:\users\musicmatt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 205.152.128.23 205.152.37.23
TCP: Interfaces\{E7FC0445-53E8-4DE0-8BD6-E22182383273}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
Toolbar-10 - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
HKLM-Run-LTCM Client - c:\program files\LTCM Client\ltcmClient.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 10:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4059.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\*PNP92e2\0000]
@DACL=(02 0000)
"Service"="1206856434"
"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
"Class"="System"
"DeviceDesc"="PCI bus"
"Mfg"="Technologies Inc"
"LocationInformation"="on Microsoft ACPI-Compliant System"
"ConfigFlags"=dword:00000000
"Capabilities"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1024)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\PEV.exe
c:\windows\system32\wermgr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-07-05 10:40:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-05 14:40
.
Pre-Run: 29,476,433,920 bytes free
Post-Run: 30,146,457,600 bytes free
.
- - End Of File - - 22AFFCE9C0EB53F2B564927601BA5B5E

Re: Nasty Virus

We are making progress.

I see you have Malwarebytes installed.

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

mbam log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7028

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/5/2011 4:41:36 PM
mbam-log-2011-07-05 (16-41-36).txt

Scan type: Quick scan
Objects scanned: 156407
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Nasty Virus

Now that looks good!
How is your computer running now?

Re: Nasty Virus

I got Security Essentials working again; I had to go in and fix the permissions on MBAM to get it to scan. I need to clean up some of the reg files and the programs used to get the virus. Thanks for the help. It no longer redirects my searches. Thanks again.... Also, I cannot see the volume display on the monitor with the function up or down arrow like I used to. Any suggestions?

Re: Nasty Virus

This could be related to the drivers of the monitor not being correctly installed. I'd search for those on the website of the manufacturer and re-install them.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================
I see that you have P2P software installed on your machine (uTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself victim of cybercriminals using P2P for spreading of their malware. I would strongly recommend that you uninstall all P2P software, however that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

You have Stopzilla installed. That is a close-to-useless program; I recommend you uninstall it. You are running Kaspersky, which is totally fine, and you don't need the additional dubious services of Stopzilla.

====================

Time to uninstall used tools.
  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.


====================

Do you have any more questions, or do you want to see my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean)?

Re: Nasty Virus

OK, after a restart everything is good but one thing: the error "WMIServi Application stopped working".

Re: Nasty Virus

mandrews wrote:
OK, after a restart everything is good but one thing: the error "WMIServi Application stopped working".

So, I haven't got the slightest idea what that is. BUT the solution to this kind of problem is quite easy: do a Google search for the exact error that appears and you will find people who had the same problem, and maybe stumble on solutions.

I googled it and found, for example:

http://technet.microsoft.com/en-us/library/ff404265.aspx

So that is what I recommend you to do. Google is a powerful computer problem assistant.

====================

Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race; it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7, do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Web Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and other vital data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

I have searched the net and haven't found a solution

I also have found one of my programs not working right, and when I went to uninstall it to reinstall it, it said I didn't have permission to uninstall. I went to Properties to change permissions, but no joy. Is there a program to go in and change permissions?

Re: Nasty Virus

If you have an administrator account, you should have all the permissions you need.

Try revo uninstaller?

Download and install Revo Uninstaller from here.

  • Run Revo Uninstaller
  • Find the program you want to uninstall, click it and click the Uninstall button
  • When prompted for an uninstall mode choose Advanced
  • Follow the prompts to uninstall the program and related registry entries


Re: Nasty Virus

I will give it a try. Apparently the virus changed permissions in the system; is there anything that can be run to gain my permissions back? Or do I need to go into Security in the folder and manually take it back over?

Re: Nasty Virus

I have worked with Vista for about 1 week before I kicked it off my computer, so I can tell you very little about permissions and how they are set up.

I hope Revo works for you, otherwise maybe ask for additional help in Operating systems subforum.

http://www.GeekPolice.net/f20-operating-systems

Re: Nasty Virus

I gained permissions back on the program and got it fixed somewhat. It beeps when I click on it, which it never did before. But I can get it to connect. Thanks for the help.... Most excellent JOB!!!!
