WiredWX Hobby Weather Tools



MBR:\...\PHYSICALDRIVE0

2 posters


I can only start in safe mode. I'm running Vista 2nd update. I was running avast 5 when the scan picked up this rootkit virus. Here are the OTL and extras texts, also the aswMBR text.
_________
OTL Extras logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB27AC-24E6-4F7E-BEA2-6F73537DF84D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{079DA964-225A-43E4-93BB-B65133AC839F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{168B8360-B228-483D-8600-947717636C47}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{186FBE03-BDF2-41D1-95C9-6A511CED26FE}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{1DF635C1-187F-4ADB-9265-A4926B4DE20F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2054BF37-22A4-4C7C-BFFF-EB4CB2BB082E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{2D0DF968-39FA-47A1-8733-6AB9CB9A1C96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5875486D-ADCB-4136-BB4A-BEC9C2585115}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{596B81AE-1645-4401-8024-F70FAA557305}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{62BBE71C-73B4-429F-9BB4-440FC74144B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6776A08F-221C-4935-BA9A-FAA700D546B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A5406E2-EBBF-4F87-8751-32EE2D76616A}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{80B4C7DA-CE48-4EC3-8A9D-EC09E3E16FEE}" = lport=2178 | protocol=6 | dir=in | app=system |
"{812641CE-E0D2-42D6-8709-6881581B25AC}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{970412A7-EE29-4E4D-B7E1-FF95F8B9D388}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9BA664CB-3F3D-4CFA-B434-A19B335928AD}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{B2EA9E6A-3878-47DF-9FB3-FAF4668F1F03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B96FFD81-237B-495C-87FF-4CB7C19170C6}" = rport=2178 | protocol=6 | dir=out | app=system |
"{FF2DD0DA-16F5-4455-9587-A14374CB03EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F8A22-CE7F-499E-BCB9-57BB669FFD4A}" = protocol=6 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{02791285-D961-4EBB-9E30-F584D45A2202}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{0ABD1915-6627-403E-A5D6-66253926081C}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{0DD01FB4-6A2E-4D9E-8481-ACB67F1140C6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{112F719D-FC66-4EE1-B09B-7BA9575A83A4}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{1AB1EAF3-8E46-4466-85BE-336EF2F10FE6}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{21083DA9-C628-418C-B49E-7FB18A0F2369}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{2B0E4EC6-30B5-4CC8-BB78-C24AEC663266}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3465BEB3-3D56-4DFA-BDE1-31482078A0D9}" = protocol=17 | dir=in | app=e:\ravenhearst_en.exe |
"{35C0A966-D908-4BE6-96CC-7A3914E552C2}" = protocol=6 | dir=in | app=e:\ravenhearst_en.exe |
"{3627E63F-91AB-40BD-B07E-13CAD63E990B}" = protocol=17 | dir=in | app=c:\users\ethan!\desktop\trywow.exe |
"{3C8F36C2-7101-45CE-9C17-D22468EA8F52}" = protocol=6 | dir=in | app=c:\users\debi!!\appdata\local\temp\wmpscnfg.exe |
"{3F604EBF-A50D-48AC-8261-D21C5EA4677C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{464475BB-7526-4C54-9820-108376FCE2FE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4855DE68-82EB-4190-9C24-96EAA4FF3574}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48EEAF7C-CEBB-4713-81DD-ACAE44986001}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{4DA67A1D-68D1-42D8-B230-C191986E50B2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{527867F9-D766-4A17-90D7-F07775F11B80}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5F9AC933-139D-4C29-A014-57A9BCE625DA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{611ACD0A-C6A4-48AD-8276-05DE2F52F464}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{7C616388-42B7-48CC-8CA3-7AA3AB06C383}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"{7EE6E32C-406E-4492-9CE2-B73894242405}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{80A17717-6007-490D-A201-DB40D189A878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81B470E0-E1C9-497B-8736-B9C22CFE39B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82B571A5-C9CF-4A1D-9C61-EC8BF779700F}" = protocol=17 | dir=in | app=c:\users\debi!!\appdata\local\temp\nvvscv.exe |
"{8CFABF60-EF2B-4E8A-9995-4CF844571CD0}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{9BD3A751-3F4E-4068-A9B4-D1217898F493}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9ED94F92-8848-4BFB-8B2D-8D47991EF3D9}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"{A5EAE059-798D-46EE-868C-E74DCB40D5E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{ABEE3B27-FF12-4E94-9FA1-BC02FB4503B3}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{ADC25442-7AC3-4801-9429-BD257139CE7E}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{B6858DB1-58E8-408D-B3EF-01316158FAA8}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgprocess.exe |
"{BA482BE8-6F17-4580-9DEA-AFB34E794237}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BFFDCD7A-5457-414A-847C-852C46F1C57A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C5B0E0F1-64F5-4103-B87C-BD503A590DD4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C7F59A8E-1023-482D-90F2-673EFE9A1B3D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CD8F569D-8510-4A69-9325-3B6874152CFE}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D4C54C4C-C178-4C2A-B445-F71BCEBE3B08}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{D7912B64-A4D0-4BF9-9702-7C6A7FDAAB93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7C43FEA-0875-4ADC-BAF1-385E2E5A6D02}" = protocol=6 | dir=out | app=system |
"{E30EC8A2-8789-40E7-BC1E-7F5FE153D3E0}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{EB735D33-FDD7-49FE-A7D8-A0D928636EE0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F1DB4E70-0882-49D0-8DEB-56EC8E4A8800}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F209C1A4-E119-4F81-9A1A-FAD1BF8B4569}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{F81D17C5-8692-4283-992C-1B7D75D804C2}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"{FCD733CF-CD32-47B0-8C9E-0D59792DCC82}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfggameservices.exe |
"TCP Query User{28A56EDD-A2BD-4A8A-9CB1-2E023AF0E6E1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9BBA9B99-A202-4C92-A76A-9B6CD10A449A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0475727-8B76-49FA-A9EB-176A7B233391}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{A86B132D-E4F4-43AA-BBBF-84D29785AECA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{EF23B7DE-BB94-423D-8B9E-140328C22C14}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2907FA5D-B046-4726-80F4-7E3CB6434058}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{D46FE928-7BCE-46D1-9B5E-CC74FE7150C2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E36CFC14-1C12-4EB7-BCDB-0C11D8CB22E2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F49022B7-F1CB-4C4D-AD64-5B253B425D72}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F79E9878-7514-4C98-B1CB-2259116ED0E1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.2.79
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"BfgBar" = Big Fish Games Toolbar 2.0
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"conduitEngine" = Conduit Engine
"eGames GameButler" = eGames GameButler
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Puzzle & Board Games 2009" = Hoyle Puzzle & Board Games 2009
"IObit Security 360_is1" = IObit Security 360
"isoHunt Toolbar" = isoHunt Toolbar
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Live Billiards 2" = Live Billiards 2
"Magic Encyclopedia Moon Light 1.00" = Magic Encyclopedia Moon Light 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NetSight" = Nielsen
"OpenAL" = OpenAL
"Origin" = Origin
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RollerCoaster Tycoon Setup" = Roll
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
"Smart Defrag 2_is1" = Smart Defrag 2
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Voodoo Whisperer - Curse of a Legend" = Voodoo Whisperer - Curse of a Legend
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

__________________________
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 11:19:55
-----------------------------
11:19:55.458 OS Version: Windows 6.0.6002 Service Pack 2
11:19:55.458 Number of processors: 1 586 0x1601
11:19:55.458 ComputerName: JOYCE-PC UserName: dummy
11:19:56.050 Initialize success
11:20:02.602 AVAST engine defs: 11081200
11:20:10.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:20:10.699 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
11:20:12.727 Disk 0 MBR read successfully
11:20:12.727 Disk 0 MBR scan
11:20:12.742 Disk 0 Windows VISTA default MBR code
11:20:12.758 Disk 0 scanning sectors +488278016
11:20:12.836 Disk 0 scanning C:\Windows\system32\drivers
11:20:23.865 Service scanning
11:20:24.286 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **HIDDEN**
11:20:25.020 Modules scanning
11:20:30.043 Disk 0 trace - called modules:
11:20:30.074 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:20:30.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849194b0]
11:20:30.604 3 CLASSPNP.SYS[87ba78b3] -> nt!IofCallDriver -> [0x83a2a898]
11:20:30.604 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e49528]
11:20:31.431 AVAST engine scan C:\Windows
11:20:35.425 AVAST engine scan C:\Windows\system32
11:22:05.858 File: C:\Windows\system32\odbcbcpp.dll **INFECTED** Win32:Malware-gen
11:22:07.215 File: C:\Windows\system32\olecli322.dll **INFECTED** Win32:Malware-gen
11:22:20.116 File: C:\Windows\system32\schedsvcc.dll **INFECTED** Win32:Malware-gen
11:22:58.071 AVAST engine scan C:\Windows\system32\drivers
11:23:15.543 AVAST engine scan C:\Users\dummy
11:24:00.440 AVAST engine scan C:\ProgramData
11:29:02.612 Scan finished successfully
11:33:56.282 Disk 0 MBR has been saved successfully to "C:\Users\dummy\Desktop\MBR.dat"
11:33:56.282 The log file has been saved successfully to "C:\Users\dummy\Desktop\aswMBR.txt"


OTL logfile created on: 8/13/2011 11:00:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\dummy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.46% Memory free
2.16 Gb Paging File | 1.94 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 55.80 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.53 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: JOYCE-PC | User Name: dummy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/05/22 09:58:23 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/19 15:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/18 15:04:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/13 22:14:30 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/13 22:14:30 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/08/12 00:18:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (isoHunt Toolbar) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (isoHunt Toolbar) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - C:\Program Files\isoHunt\tbiso1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\Windows\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: conhost - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NielsenOnline - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 22:55:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/13 02:45:25 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Local\temp
[2011/08/13 02:44:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/13 02:08:40 | 000,061,440 | ---- | C] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/12 12:07:18 | 004,170,159 | R--- | C] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 04:58:02 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:55:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:55 | 178,215,952 | ---- | C] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:07:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/12 00:07:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/12 00:07:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/12 00:07:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/12 00:07:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/08/05 02:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/04 17:46:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/08/03 00:19:03 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle FaceCreator
[2011/08/03 00:19:02 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/07/30 03:32:38 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/30 03:30:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/30 03:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/29 22:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/29 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/25 10:56:15 | 000,000,000 | ---D | C] -- C:\Users\dummy\AppData\Roaming\Vogat Interactive
[2011/07/18 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/07/15 00:35:04 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\Windows\System32\SDDEVMGR.dll
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2011/07/15 00:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 22:56:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\dummy\Desktop\OTL.com
[2011/08/13 22:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/08/13 22:02:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/13 09:32:41 | 000,000,680 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe
[2011/08/13 02:05:35 | 000,060,184 | ---- | M] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/08/12 11:33:56 | 000,000,512 | ---- | M] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:33:02 | 126,978,706 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 00:18:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/11 23:22:04 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 23:22:04 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/05 07:07:28 | 000,006,472 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/08/04 17:46:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/08/04 17:46:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/08/04 17:46:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/08/04 17:46:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/08/04 17:46:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/08/04 17:46:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/08/04 17:46:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/08/04 17:46:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/08/04 17:46:44 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/08/04 17:46:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/08/04 17:46:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/07/30 19:14:39 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/30 10:34:12 | 000,354,150 | ---- | M] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 10:34:06 | 000,188,155 | ---- | M] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/07/25 02:53:50 | 000,000,552 | ---- | M] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 22:12:35 | 000,004,740 | ---- | M] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 04:35:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 01:29:58 | 000,000,632 | RHS- | M] () -- C:\Users\dummy\ntuser.pol
[2011/07/20 05:12:31 | 000,866,304 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/20 05:04:57 | 001,690,624 | RH-- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/15 00:35:04 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

The rest of the log will be in the next post.
Thanx!
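
The OTL dump above is raw evidence, and the entries a cleanup helper would pull out of it are recognisable by pattern: hidden/system files with random names sitting directly under C:\ProgramData (the go2n3m…, 2935481361, ve3k80q6ia, 22k5paIc entries), a kernel driver under System32\drivers with no company string (cgscfs.sys), and autorun values whose target is gone (the [avast5] and conhost entries). The following triage script is an added example written for this thread; it is not part of the original post and not OTL's own code. Its three indicator rules and the Finding/looks_random/triage names are the editor's own assumptions, and the sample lines it scans are copied verbatim from the log posted above.

```python
"""Triage heuristics for OTL (OldTimer's List-It) log lines.

Added example for this thread; it is not part of the original post and not
OTL's own code.  The indicator rules are the editor's own assumptions, chosen
to match what is visible in the posted log: hidden/system files with random
names directly under C:\\ProgramData, kernel drivers that carry no company
string, and autorun entries whose target is gone.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# OTL file-list line:
# [2011/05/06 23:43:52 | 000,011,026 | -HS- | C] () -- C:\ProgramData\go2n3m...
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Autorun entries whose target no longer exists.
O4_ORPHAN = re.compile(r"^O4 - .*\[(?P<name>[^\]]+)\] File not found$")
MSCONFIG_ORPHAN = re.compile(
    r"^MsConfig - StartUpReg: (?P<name>.+?) - hkey= - key= - File not found$"
)
# Dropper-style names: 8+ chars of letters/digits (plus '~'), no extension.
RANDOM_NAME = re.compile(r"^[0-9a-z~]{8,}$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    indicator: str  # short tag for the rule that fired
    subject: str    # file path or autorun value name
    detail: str


def looks_random(name: str) -> bool:
    """True for names like 2935481361 or ve3k80q6ia: no extension, only
    letters/digits/'~', at least 8 chars, and containing at least one digit."""
    if "." in name or not RANDOM_NAME.fullmatch(name.lower()):
        return False
    return any(c.isdigit() for c in name)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Scan OTL log lines and return the entries worth a human look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            company = m["company"].strip()   # "( )" in OTL means no version info
            parent, _, name = path.rpartition("\\")
            parent = parent.lower()
            if (parent == r"c:\programdata" and ("H" in attrs or "S" in attrs)
                    and looks_random(name)):
                findings.append(Finding(
                    "high", "hidden-random-programdata", path,
                    f"hidden/system file with random name, attrs={attrs}"))
            elif (parent.endswith(r"\system32\drivers") and name.lower().endswith(".sys")
                    and not company):
                findings.append(Finding(
                    "medium", "unattributed-driver", path,
                    f"kernel driver with no company string ({m['kind']} {m['ts']})"))
            continue
        m = O4_ORPHAN.match(line) or MSCONFIG_ORPHAN.match(line)
        if m:
            findings.append(Finding(
                "low", "orphan-autorun", m["name"],
                "autorun entry whose target file no longer exists"))
    return findings


# Sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011/05/06 23:43:52 | 000,011,026 | -HS- | C] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
[2011/04/08 04:02:53 | 000,012,416 | -HS- | C] () -- C:\ProgramData\2935481361
[2011/04/08 03:59:45 | 000,012,404 | -HS- | C] () -- C:\ProgramData\ve3k80q6ia
[2011/07/29 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/24 23:27:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/08/05 08:42:58 | 126,978,706 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/13 02:08:40 | 000,061,440 | ---- | C] ( ) -- C:\Users\dummy\Desktop\VEW.exe
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
MsConfig - StartUpReg: conhost - hkey= - key= - File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
""".strip().splitlines()

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"{f.severity:6} {f.indicator:26} {f.subject}  [{f.detail}]")
```

The rules are deliberately loose: they produce review candidates, not verdicts. A legitimate but unsigned tool driver (SmartDefragDriver.sys in this log) trips the same "no company string" rule as cgscfs.sys, and an orphan autorun can just as well be a half-uninstalled AV as malware, so each hit still needs the file pulled and checked (hash, signature, creation time against the infection window) before anything is deleted.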

Re: MBR:\...\PHYSICALDRIVE0

Here is the rest of the OTL log.

========== Files Created - No Company Name ==========

[2011/08/13 02:05:35 | 000,060,184 | ---- | C] () -- C:\Users\dummy\Desktop\bluescreenview.zip
[2011/08/12 11:33:56 | 000,000,512 | ---- | C] () -- C:\Users\dummy\Desktop\MBR.dat
[2011/08/12 00:07:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/12 00:07:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/12 00:07:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/12 00:07:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/12 00:07:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/05 08:42:58 | 126,978,706 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/05 02:51:50 | 000,006,472 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/30 05:28:02 | 000,354,150 | ---- | C] () -- C:\Users\dummy\AppData\Local\census.cache
[2011/07/30 05:27:56 | 000,188,155 | ---- | C] () -- C:\Users\dummy\AppData\Local\ars.cache
[2011/07/25 02:53:50 | 000,000,552 | ---- | C] () -- C:\Users\dummy\AppData\Local\d3d8caps.dat
[2011/07/24 23:27:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cgscfs.sys
[2011/07/24 04:36:03 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/07/20 04:47:10 | 001,690,624 | RH-- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/07/20 04:47:10 | 000,866,304 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2011/07/15 00:35:04 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[2011/07/08 03:30:34 | 000,004,608 | ---- | C] () -- C:\Users\dummy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 22:16:12 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/05/09 11:37:00 | 000,004,740 | ---- | C] () -- C:\Users\dummy\AppData\Roaming\F9E4.B29
[2011/05/06 23:43:52 | 000,011,026 | -HS- | C] () -- C:\ProgramData\go2n3m44mx5oqb8kpjht117f671t8u8u0jpxv8j6414k8x2
[2011/05/03 16:48:47 | 000,000,680 | ---- | C] () -- C:\Users\dummy\AppData\Local\d3d9caps.dat
[2011/05/03 16:48:16 | 000,000,036 | ---- | C] () -- C:\Users\dummy\AppData\Local\housecall.guid.cache
[2011/05/03 13:15:21 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/05/03 13:15:21 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/09 13:38:06 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~22470408r
[2011/04/09 13:38:05 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~22470408
[2011/04/09 13:38:01 | 000,000,336 | -H-- | C] () -- C:\ProgramData\22470408
[2011/04/08 04:02:53 | 000,012,416 | -HS- | C] () -- C:\ProgramData\2935481361
[2011/04/08 03:59:45 | 000,012,404 | -HS- | C] () -- C:\ProgramData\ve3k80q6ia
[2011/04/07 06:55:18 | 000,011,400 | -HS- | C] () -- C:\ProgramData\325cq8r6ceko405fg
[2011/03/27 01:41:01 | 000,011,936 | -HS- | C] () -- C:\ProgramData\106v50l53jpe0d87ue1i
[2011/03/23 03:58:47 | 000,010,572 | -HS- | C] () -- C:\ProgramData\fb22xu425vb5fp54wy6lyr05k7ql7026w3vc55a2845p1
[2010/10/28 17:40:57 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/10/28 17:40:56 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010/08/31 16:50:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/08/31 16:50:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/08/31 16:50:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/05/22 09:58:23 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2010/04/19 22:09:40 | 000,003,330 | -HS- | C] () -- C:\ProgramData\22k5paIc
[2010/03/18 20:44:11 | 000,000,473 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/02/23 21:57:59 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/08 06:04:27 | 000,000,044 | -H-- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/01/28 06:09:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/13 22:14:30 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/01/13 22:14:30 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/12/21 05:58:30 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/11/20 08:10:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/11/19 10:05:41 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dxdiaag.exe
[2009/11/04 04:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliards.INI
[2009/10/21 05:20:38 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/08/14 12:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/14 12:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/05 19:31:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/26 17:52:58 | 000,055,954 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/10/15 16:36:13 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/16 00:56:10 | 000,023,040 | ---- | C] () -- C:\Windows\System32\PopWait.exe
[2008/09/05 22:49:59 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/09/05 22:49:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/09/04 19:29:18 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/07/18 17:32:08 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/18 17:32:08 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/18 17:32:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/18 17:32:08 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/03 16:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,266,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\clleanmgr.exe
[2006/11/02 03:33:01 | 000,594,698 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,100,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/07 17:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/12 04:58:13 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\dummy\Desktop\aswMBR.exe
[2011/08/12 04:56:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\dummy\Desktop\ATF_Cleaner.exe
[2011/08/12 04:29:56 | 178,215,952 | ---- | M] (AVG Technologies) -- C:\Users\dummy\Desktop\avg_free_x86_all_2011_1392a3812.exe
[2011/08/12 12:07:21 | 004,170,159 | R--- | M] (Swearware) -- C:\Users\dummy\Desktop\ComboFix.exe
[2011/07/30 05:18:45 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\dummy\Desktop\HousecallLauncher.exe
[2011/08/13 02:08:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\dummy\Desktop\VEW.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/08/13 22:04:10 | 268,435,456 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\system32\temppf.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/05/03 10:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/11/19 23:14:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/10 12:41:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Adventure Chronicles
[2011/05/03 10:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/02/18 00:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/02/04 09:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/22 16:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2011/07/30 03:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bejeweled 3
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\BfgBar
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/03 10:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/12 12:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Celeris
[2008/07/18 15:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/08/13 02:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/19 06:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/07/03 14:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2008/07/18 09:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/09/19 20:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Cryo Interactive Entertainment
[2008/07/18 14:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/12/29 17:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2008/07/18 15:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/07/18 15:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2011/02/28 19:12:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Diablo II
[2011/05/03 10:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/01/24 23:31:14 | 000,000,000 | -H-D | M] -- C:\Program Files\directx
[2011/05/03 10:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Chronicles - The Chosen Child
[2010/01/28 00:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
[2011/06/17 01:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/11/17 06:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/07/03 04:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Free YouTube Downloader
[2011/08/10 00:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2011/07/03 14:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ganymede
[2011/07/05 23:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Golden Trails 2 The Lost Legacy
[2010/01/31 21:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/05/03 10:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Green Moon
[2011/07/03 14:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Hoyle Puzzle & Board Games 2009
[2011/07/15 00:35:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/18 14:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/05/09 12:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/05/10 22:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/07/03 14:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\isoHunt
[2009/05/25 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/10/17 23:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/03 10:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/08/22 16:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/11/10 04:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/07/24 23:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 10:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Marooned
[2010/02/01 20:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/07/18 14:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/18 14:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 05:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/05 09:03:58 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2010/01/19 14:01:47 | 000,000,000 | -H-D | M] -- C:\Program Files\My Downloaded Games
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Nightmare Adventure - Witchs Prison
[2011/05/03 10:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2011/06/17 01:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Origin
[2009/12/06 04:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\OXXOGames
[2011/07/15 00:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2010/04/10 01:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/21 00:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2006/11/02 05:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/19 05:32:26 | 000,000,000 | -H-D | M] -- C:\Program Files\ReflexiveArcade
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Secret Mission - The Forgotten Island
[2010/07/30 09:18:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Snark Busters Welcome to the Club
File not found -- C:\Program Files\Sultan of Persia
[2011/08/12 03:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 01:10:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Telltale Games
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trapped - The Abduction
[2009/02/02 17:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2006/11/02 05:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/05/03 13:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/05/03 10:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Viva Media Game Center
[2011/05/05 02:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Voodoo Whisperer - Curse of a Legend
[2010/04/24 09:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2011/07/15 20:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/13 20:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/04/08 07:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/05/03 10:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/05/10 09:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/19 10:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/05/03 10:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/11/18 04:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/12/30 04:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games


< MD5 for: AGP440.SYS >
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 19:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 19:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 02:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-03 21:32:52

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 19:33:55 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:33611CFB
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:65929158
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4FE42FFC
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:43157EDE
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:88B0DDFD
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:7158CB97
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E5122BD
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0310A379
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:6D94BA26
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:6C13E971
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:506E1E25
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:3DA71AE7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:398D29B6
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PBPUV9VK9V89VMRV5V4REABYEKLPH9E48E2R0T5PL34DBWFLM3TLVVVVVVVVVVJVK
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:378824DE
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:852F2262
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:18DEBC51
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:70B67720
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:DA5888A7
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:65521523
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:47B543D8
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:6EE919A7
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:359B5EAB
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:37F92FC5
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:C144EBE0
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:E3892B6D
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C946DB94
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:37C5B4CA
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:FEF90995
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:8D4852A2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6F863BC7
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F073D52C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5E85021E
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:42EF7FC8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:33E12B7A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:05487299
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D373CB5C
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:058A7351
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FB65A4AA
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F854B030
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DC21D414
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D41E806D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEDA49F4
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:97AD6135
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:ED86E7AC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:72739815
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:40DB6D00
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0C9C1FE0
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9F36615A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:60EA2068
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0479E312
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7FEAB9B8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4AA3DAA3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:250A84D5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DDA2D0EB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCC862FF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9F222B60
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:50F94E7B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:367F03D2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:349CACE5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0F38B460
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F1D9186A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9BFAA502
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3D0C4F47
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:16EC8A23
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DC0B1070
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D3DFEDE1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B4FDEF97
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AE8D9000
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9CD61266
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:62197B73
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1E6E20D4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F8F070C2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F5D81BA1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E39052E1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CC228581
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B2CB0E61
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B1BFD26C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:59ABA9C6
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:0803A95E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C3CB23B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ACBFC561
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A72132CC
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4D551822
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FC5AE643
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C3A1351B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A752D3DB
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:341C1FBD
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:13EF4AF6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FDAF118C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F24AD862
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EC94F18F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:8396B0AE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:31426EDF
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1170D6E4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EA10407C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E411AA0D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A26AC9FC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6B05AF40
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:49DB5ACF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3C75E5BE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:04CE8640
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FE4E15B1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E8A39657
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D53344E0
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4D9D205F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4735EB3F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:322C7029
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:04F67B3D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8101D728
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:42A3BDD7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:17927369
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:115FA012
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D197DC80
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B4980368
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:93B0BB6F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5A27D490
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:447AD91E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:41DAF48E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D3168CCE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:CC0D80AD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C186F20B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9B9085E9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:90C12AC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B430BE3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:715EDF9F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:62AC0CCE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:07A0D262
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F0E0213B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DB77E2C4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BD8C785E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:703CE963
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:35D692B0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:26FBC1F9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:11201333
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CD346A22
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BFAF71E0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A76A1B1B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7C819E94
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:687D1056
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5E413CD6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5795E8B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:12FE8709
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:09B77012
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAF6860A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B9F6BE51
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8DCF53BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:51EFAA18
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:478FEFC3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:195E2CF2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1FCF7DE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C3AAD57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98982C88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:92610EA3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:78B923B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3F9A3DFF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F5F91AE1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ECE19DD1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B77C5DEF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B64F7263
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:93C48025
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:725A4A66
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:62B9E014
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:615B50FC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:541F9F51
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFEECAB4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F45F3031
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F25B38E8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F0C1FF18
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:988216DA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1477B2F8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D390A6A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:68EF6203
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:59C113EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4B1195DD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FA1EAA7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E8CB831A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D3930F74
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CEF2A14E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:74F3CA70
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73D86CD1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:69C58877
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5947273C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F7763364
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DC85983B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C1ECC69C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:90A2BDE4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8F248747
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:54CB420C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:437B9941
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:41B89F80
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:133CC4C3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FC2D8A6F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E736CE6B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AC4DECA9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A5F155F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8ACA54F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:814692DF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3D6B89CE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3BAE765B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1C90EF4F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1B7E2022
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:15606AA7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0DCCEC7C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D0BB00BB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C92A6B45
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1CF2F47C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A57500CB
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8B3A123D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7B626525
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:53C0A7FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:18EE7F24
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1898E06D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:05DCA64A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D941299B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B688AC76
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:81B5B293
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6FC375B1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C99C213
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2652902F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BFD53918
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8CCA8DB4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:583D44CB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:51F17BB8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:27B25A27
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2361E235
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2342AE46
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34EFF1F2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:2C22C34B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EB12FF2B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DB4C77AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:2C250258
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:FEAEBBCA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:57176330
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:08EA7FD1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2F8138B7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D7DA89B1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A37A44E3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:938EC881
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:20685A31
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D8C96088
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B6FD7157
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8BB2EC84
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1DEE6B65
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D8228ABB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:CFF21EA7
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:95970EA3
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:10D98D98
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:026B76F2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:69AF9D20
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:AAF55C17
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9C012695
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8D9EB6DC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:49951DEB
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B47F9D81
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F52A6209
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0664ADFC
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6444B424
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:38BFF11F
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F74C32B0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5070F1A6

< End of report >

Hopefully someone can help.
Thanx!

Re: MBR:\...\PHYSICALDRIVE0
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: MBR:\...\PHYSICALDRIVE0
ComboFix 11-08-21.01 - dummy 08/21/2011 11:26:48.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1669 [GMT -7:00]
Running from: c:\users\dummy\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\Ethan!\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\dummy\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-08-21 18:34 . 2011-08-21 18:34 -------- d-----w- c:\users\debi!!\AppData\Local\temp
2011-08-05 09:48 . 2011-08-05 14:25 -------- d-----w- c:\programdata\STOPzilla!
2011-08-05 09:48 . 2011-08-05 09:48 -------- d-----w- c:\program files\Common Files\iS3
2011-08-05 00:46 . 2011-08-05 00:46 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-05 00:46 . 2011-08-05 00:46 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-05 00:46 . 2011-08-05 00:46 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-05 00:46 . 2011-08-05 00:46 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-05 00:46 . 2011-08-05 00:46 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-05 00:46 . 2011-08-05 00:46 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-05 00:46 . 2011-08-05 00:46 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-05 00:46 . 2011-08-05 00:46 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-05 00:46 . 2011-08-05 00:46 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-05 00:46 . 2011-08-05 00:46 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-05 00:46 . 2011-08-05 00:46 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-05 00:46 . 2011-08-05 00:46 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-03 07:19 . 2011-08-21 13:54 -------- d-----w- c:\users\dummy\AppData\Roaming\Hoyle FaceCreator
2011-08-03 07:19 . 2011-08-21 13:55 -------- d-----w- c:\users\dummy\AppData\Roaming\Hoyle Puzzle and Board Games
2011-07-30 10:32 . 2011-07-30 10:32 -------- d-----w- c:\users\dummy\AppData\Roaming\AVG10
2011-07-30 10:30 . 2011-08-12 11:33 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-30 10:30 . 2011-07-30 10:31 -------- d-----w- c:\programdata\AVG10
2011-07-30 10:30 . 2011-07-30 10:30 -------- d-----w- c:\program files\AVG
2011-07-30 05:58 . 2011-07-30 05:58 -------- d--h--w- c:\programdata\Common Files
2011-07-30 05:58 . 2011-08-12 11:34 -------- d-----w- c:\programdata\MFAData
2011-07-25 17:56 . 2011-07-25 17:56 -------- d-----w- c:\users\dummy\AppData\Roaming\Vogat Interactive
2011-07-25 13:40 . 2011-07-25 13:40 -------- d-----w- c:\users\debi!!\AppData\Roaming\SUPERAntiSpyware.com
2011-07-25 06:27 . 2011-07-25 06:27 54016 ----a-w- c:\windows\system32\drivers\cgscfs.sys
2011-07-24 15:31 . 2011-07-24 15:31 -------- d-----w- c:\users\debi!!\AppData\Roaming\Looking_Glass_Lane_Gude
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 22:12 . 2011-07-07 22:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 19:36 . 2010-05-12 23:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-07 19:36 . 2010-05-12 23:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-07 02:52 . 2010-03-11 05:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-03-11 05:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 08:42 . 2011-06-17 07:34 1324 ----a-w- c:\windows\system32\ealregsnapshot1.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 00:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 18:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2010-05-12 16:39 2515552 ----a-w- c:\program files\isoHunt\tbiso1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbiso1.dll" [2010-05-12 2515552]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\Alwil Software\Avast5\ashShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-18 22:04 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKLM\~\startupfolder\C:^Users^debi!!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7249907A.lnk]
path=c:\users\debi!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7249907A.lnk
backup=c:\windows\pss\7249907A.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 07:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 12:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conhost]
c:\program files\Internet Explorer\conhost.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 18:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline]
c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 14:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3731821497-1863557417-350186197-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-05-22 266240]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:18]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{43D50626-08A0-4A24-B741-20D9B51DC7DF}: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 11:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5]
"ImagePath"="\??\c:\program files\Unlocker\UnlockerDriver5.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(700)
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2011-08-21 11:37:05
ComboFix-quarantined-files.txt 2011-08-21 18:37
ComboFix2.txt 2011-08-13 09:45
ComboFix3.txt 2011-08-12 19:20
ComboFix4.txt 2011-08-12 07:20
.
Pre-Run: 59,385,589,760 bytes free
Post-Run: 59,348,746,240 bytes free
.
- - End Of File - - B8EF6A72C0FFBDB3111B6896C8BF7E4F



Thanx a lot for getting back to me!! Hooray!

Re: MBR:\...\PHYSICALDRIVE0
Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.

Re: MBR:\...\PHYSICALDRIVE0
Here are the logs.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7544

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

8/23/2011 5:46:05 AM
mbam-log-2011-08-23 (05-46-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 370645
Time elapsed: 45 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2011 at 06:41 AM

Application Version : 4.56.1000

Core Rules Database Version : 7591
Trace Rules Database Version: 5403

Scan type : Complete Scan
Total Scan Time : 00:39:57

Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 9405
Registry threats detected : 0
File items scanned : 27912
File threats detected : 8

Adware.Tracking Cookie
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@lfstmedia[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@collective-media[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@ads.bleepingcomputer[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@ad.yieldmanager[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@media6degrees[2].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@statcounter[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@content.yieldmanager[1].txt
C:\Users\dummy\AppData\Roaming\Microsoft\Windows\Cookies\dummy@invitemedia[2].txt


C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\FBStoolbar.exe.vir a variant of Win32/BHO.OCS trojan deleted - quarantined
C:\Tools\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\debi!!\Desktop\game torrents\House_M.D\House M.D\li-games-silent-2.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\debi!!\Desktop\rar games\FreeYouTubeDownloaderSetup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\debi!!\Desktop\Tools\unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\debi!!\Downloads\duplicate-file-detective-3.0.1.69.exe a variant of Win32/Agent.QHQ trojan deleted - quarantined
C:\Users\debi!!\Downloads\Empress of the Deep - The Darkest Secret.exe a variant of Win32/Agent.RRG trojan cleaned by deleting - quarantined
C:\Users\debi!!\Downloads\Reincarnations 3 - Back to Reality BETA.exe a variant of Win32/TrojanDropper.Small.NMF trojan cleaned by deleting - quarantined
C:\Users\debi!!\Downloads\Twisted Land - Shadow Town\Twisted Land - Shadow Town.exe Win32/Delf.PQO trojan deleted - quarantined
C:\Windows\System32\clleanmgr.exe Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\dxdiaag.exe Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\odbcbcpp.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\olecli322.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
C:\Windows\System32\schedsvcc.dll Win32/BHO.ODE trojan cleaned by deleting - quarantined
Smile...

Re: MBR:\...\PHYSICALDRIVE0

The startup on my computer is a little faster but I still can't start Windows normally. The BSoD message is still the same. :sad:

Re: MBR:\...\PHYSICALDRIVE0

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop, and post only the detected viruses/malware from the report (they will be at the very top, under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: MBR:\...\PHYSICALDRIVE0

Status: Deleted (events: 16)
8/23/2011 4:49:19 PM Deleted Trojan program Trojan.Win32.Koblu.bsz C:\Documents and Settings\debi!!\Desktop\game torrents\Big Fish Games - Trapped The Abduction - PreCrack-no.exe High
8/23/2011 4:49:19 PM Deleted Trojan program Trojan.Win32.Koblu.bsz C:\Documents and Settings\debi!!\Desktop\game torrents\Big Fish Games - Trapped The Abduction - PreCrack-no.exe//svchost.exe High
8/23/2011 4:48:54 PM Deleted Trojan program Trojan.Win32.VB.yxt C:\Documents and Settings\debi!!\Desktop\game torrents\Marooned-no\Marooned.exe High
8/23/2011 4:48:54 PM Deleted Trojan program Trojan.Win32.VB.yxt C:\Documents and Settings\debi!!\Desktop\game torrents\Marooned-no\Marooned.exe//openfile.exe High
8/23/2011 4:52:56 PM Deleted Trojan program Backdoor.Win32.VB.lac C:\Documents and Settings\debi!!\Desktop\rar games\Allora_and_the_Broken_Portal_BETA.rar High
8/23/2011 4:52:56 PM Deleted Trojan program Backdoor.Win32.VB.lac C:\Documents and Settings\debi!!\Desktop\rar games\Allora_and_the_Broken_Portal_BETA.rar//Allora and the Broken Portal BETA/Security.dll High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar//Twisted Land - Shadow Town.exe High
8/23/2011 6:16:49 PM Deleted Trojan program Trojan.Win32.Vilsel.ajcm C:\Documents and Settings\debi!!\Downloads\Twisted Land - Shadow Town.rar//Twisted Land - Shadow Town.exe//data0002 High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0016.res High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0016.res//Magic_Encyclopedia_Moon_Light.exe High
8/23/2011 6:17:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\debi!!\Downloads\Magic Encyclopedia Moon Light\Magic Encyclopedia Moon Light.exe//data0000.cab High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe//lu.07.10.exe High
8/23/2011 6:41:22 PM Deleted Trojan program Trojan.Win32.Buzus.aafw C:\Program Files\Real\RealPlayer\library\Dr. Monocle's Optical Experiment (New Hidden Object Game)\Dr Monocles.exe//xxxl.15.10.exe High

Re: MBR:\...\PHYSICALDRIVE0

Your computer has keygens/cracks, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

Other than that, any other issues?

Re: MBR:\...\PHYSICALDRIVE0

How would I go about getting rid of those things? Also I can still only start in safe mode. When I try to start Windows normally I get BSoD. The stop message is 0x0000008E (0xC0000005, 0x81E7C7EF, 0x803EC644, 0x00000000). Lastly, did all the scans that were done find and get rid of the MBR:\...\PHYSICALDRIVE0 rootkit virus?

Thank you very much for the help you have given me. I really appreciate it! Thank You!

Re: MBR:\...\PHYSICALDRIVE0

As far as I know, that bad stuff is now gone.

However, there are a couple of scans to be run real quick, if you suspect your MBR is infected, despite the MBR log above being clean...

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.
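What these two tools actually check, as an added example in Python (not MBRCheck's or GMER's own code): MBRCheck hashes the MBR boot code and looks the hash up in a table of known-good boot code, reporting "Unknown MBR code" on a miss; GMER's mbr.exe reads sector 0 once through the normal user-mode path and once from the kernel, because a bootkit that filters disk reads hands user mode a clean sector while the real one differs. Everything below is constructed: the boot code is a placeholder rather than real bootstrap code, the partition layout (a 10 GiB NTFS partition 48 MiB into the disk followed by a bootable NTFS partition) is illustrative, the "known-good" table holds only the placeholder's hash in place of a real reference table, and hashing exactly the 440 bytes before the disk signature is an assumption about what MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446         # four 16-byte partition entries
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR sector. Used here only to construct sample input."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, 440, 0x5A6B7C8D)   # disk signature (constructed)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xFE\xFF\xFF",
                         ptype, b"\xFE\xFF\xFF", lba_start, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, decode the partition table, hash the boot code."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:            # empty slot
            continue
        parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
                      "sectors": count})
    return {
        # Assumption: hash the 440 bytes before the disk signature; the exact
        # region MBRCheck hashes is not stated on this page.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
    }


def classify_boot_code(sha1_hex: str, known_good: dict) -> str:
    """MBRCheck-style verdict: a hash miss is reported, never treated as benign."""
    return known_good.get(sha1_hex.upper(), "Unknown MBR code")


def cross_view_check(user_view: bytes, kernel_view: bytes) -> str:
    """GMER mbr.exe-style check: compare sector 0 as seen from user mode with
    the sector read from the kernel; any difference means reads are being filtered."""
    if user_view == kernel_view:
        return "user & kernel MBR OK"
    first = next(i for i, (a, b) in enumerate(zip(user_view, kernel_view)) if a != b)
    return f"user != kernel MBR, first difference at byte {first}"


# Constructed sample: placeholder boot code (not real bootstrap code), a 10 GiB
# NTFS partition starting 48 MiB into the disk and a bootable NTFS partition after it.
SAMPLE_BOOT_CODE = b"\xEB\x3C\x90" + b"CONSTRUCTED-BOOTCODE-NOT-REAL" + b"\xFA\xF4"
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [
    (False, 0x07, 0x18000, 0x1400000),     # byte offset 0x03000000, 10 GiB
    (True, 0x07, 0x1418000, 467203000),    # byte offset 0x283000000
])
# Stand-in for the real reference table: only the placeholder is "known".
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["boot_code_sha1"]: "constructed reference boot code"}

# The same MBR with one boot-code byte patched, as a bootkit would do.
_patched = bytearray(SAMPLE_MBR)
_patched[16] ^= 0xFF
PATCHED_MBR = bytes(_patched)


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02X} at byte offset 0x{p['byte_offset']:X}")
    sha1 = info["boot_code_sha1"]
    print("SHA1:", sha1, "->", classify_boot_code(sha1, KNOWN_GOOD))
    patched_sha1 = parse_mbr(PATCHED_MBR)["boot_code_sha1"]
    print("SHA1:", patched_sha1, "->", classify_boot_code(patched_sha1, KNOWN_GOOD))
    print(cross_view_check(SAMPLE_MBR, SAMPLE_MBR))
    print(cross_view_check(SAMPLE_MBR, PATCHED_MBR))
```

The two checks answer different questions. The hash lookup catches boot code that is not a stock loader, which is why an OEM or third-party boot manager also shows up as "Unknown MBR code" and why that verdict alone is not proof of infection. The cross-view comparison catches the case where the on-disk boot code is hidden from every user-mode reader, including the hash tool; a bootkit that passes the first check can still fail the second, and vice versa, so the two logs should be read together.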

Re: MBR:\...\PHYSICALDRIVE0

Here are the next two logs you asked for.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 109):
0x81C18000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD1000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80674000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80682000 \SystemRoot\system32\drivers\acpi.sys
0x806C8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D1000 \SystemRoot\system32\drivers\msisadrv.sys
0x806D9000 \SystemRoot\system32\drivers\pci.sys
0x80700000 \SystemRoot\System32\drivers\partmgr.sys
0x8070F000 \SystemRoot\system32\drivers\volmgr.sys
0x8071E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80768000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8076F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8077D000 \SystemRoot\system32\drivers\pciide.sys
0x80784000 \SystemRoot\System32\drivers\mountmgr.sys
0x80794000 \SystemRoot\system32\drivers\atapi.sys
0x8079C000 \SystemRoot\system32\drivers\ataport.SYS
0x807BA000 \SystemRoot\system32\drivers\fltmgr.sys
0x807EC000 \SystemRoot\system32\drivers\fileinfo.sys
0x805BE000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8220C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8227D000 \SystemRoot\system32\drivers\ndis.sys
0x82388000 \SystemRoot\system32\drivers\msrpc.sys
0x823B3000 \SystemRoot\system32\drivers\NETIO.SYS
0x87806000 \SystemRoot\System32\drivers\tcpip.sys
0x878F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B14000 \SystemRoot\system32\drivers\volsnap.sys
0x87B55000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x87B5C000 \SystemRoot\System32\Drivers\mup.sys
0x87B6B000 \SystemRoot\System32\drivers\ecache.sys
0x87B92000 \SystemRoot\system32\drivers\disk.sys
0x87BA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC4000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8790B000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87914000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8794F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8795A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87998000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B006000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B093000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B09E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B0B6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B0E5000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B126000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B131000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B148000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B153000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B176000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B185000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B199000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B1AE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B1BE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B1C9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B1D4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B1D6000 \SystemRoot\system32\DRIVERS\ks.sys
0x879A7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x879B1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x879BE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x823EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x879F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x805C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87BF8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B000000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x82200000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x805D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x87B4D000 \SystemRoot\System32\Drivers\Null.SYS
0x805E0000 \SystemRoot\System32\Drivers\Beep.SYS
0x805E7000 \SystemRoot\System32\drivers\vga.sys
0x8B200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B221000 \SystemRoot\System32\drivers\watchdog.sys
0x8B22D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B235000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B240000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B24E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B257000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B26D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B281000 \SystemRoot\system32\drivers\afd.sys
0x8B2C9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B2FB000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8B304000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B31A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B328000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B364000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B36E000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B385000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91870000 \SystemRoot\System32\win32k.sys
0x8B38D000 \SystemRoot\System32\drivers\Dxapi.sys
0x91A80000 \SystemRoot\System32\drivers\dxg.sys
0x91AB0000 \SystemRoot\System32\TSDDD.dll
0x91B30000 \SystemRoot\System32\framebuf.dll
0x8B397000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B3A4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B3AF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8B3B7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8B3D0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x87BCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9360B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93644000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9365C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x93666000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77D40000 \Windows\System32\ntdll.dll

Processes (total 26):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
436 csrss.exe
472 csrss.exe
480 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1564 C:\Windows\explorer.exe
280 C:\Windows\System32\wbem\unsecapp.exe
412 WmiPrvSE.exe
4512 C:\Program Files\IObit\IObit Security 360\is360.exe
4540 C:\Program Files\IObit\IObit Security 360\is360tray.exe
3004 C:\Program Files\Internet Explorer\iexplore.exe
1736 C:\Users\dummy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03000000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C02D1F61A8850FE57BB59AB7B44BD44A699A619


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3250310AS rev.3.ADA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
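The MBRCheck log also carries something useful for the blue screen reported earlier. STOP 0x0000008E is KERNEL_MODE_EXCEPTION_NOT_HANDLED; its first parameter, 0xC0000005, is STATUS_ACCESS_VIOLATION, its second, 0x81E7C7EF, is the address that faulted, and its third is the trap frame. The "Kernel Drivers" list gives the load base of every kernel module, so the module containing the faulting address is the one with the highest base at or below it. Below is an added example in Python, not output from MBRCheck, that does that lookup over a subset of lines copied from the list above. Two caveats: the list has no module sizes, so the next module's base is only an upper bound; and it was captured in Safe Mode, while the crash happens in a normal boot, where third-party drivers that Safe Mode never loads are present and where Vista can place the kernel image at a different base. A fault inside ntkrnlpa.exe also does not mean the kernel is at fault; a driver passing it a bad pointer looks the same. The list from the crashing boot (from a minidump) is the authoritative one.

```python
import re
from bisect import bisect_right

# Bug-check and NTSTATUS names for the values that appear in this thread.
STOP_CODES = {0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Lines copied from the MBRCheck "Kernel Drivers" list above (a subset; only the
# modules whose bases bracket the faulting address decide the answer).
DRIVER_LIST = r"""
0x81C18000 \SystemRoot\system32\ntkrnlpa.exe
0x81FD1000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8220C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87806000 \SystemRoot\System32\drivers\tcpip.sys
0x87A04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x91870000 \SystemRoot\System32\win32k.sys
0x77D40000 \Windows\System32\ntdll.dll
"""

# The stop message exactly as posted in this thread.
STOP_TEXT = "0x0000008E (0xC0000005, 0x81E7C7EF, 0x803EC644, 0x00000000)"


def parse_driver_list(text: str):
    """Return (base, module name) pairs sorted by base address."""
    mods = []
    for line in text.splitlines():
        m = re.match(r"\s*0x([0-9A-Fa-f]+)\s+(\S+)", line)
        if m:
            mods.append((int(m.group(1), 16), m.group(2).rsplit("\\", 1)[-1]))
    mods.sort()
    return mods


def parse_stop(text: str):
    """Split 'STOP 0xXXXXXXXX (p1, p2, p3, p4)' into the code and its parameters."""
    m = re.search(r"0x([0-9A-Fa-f]{8})\s*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no STOP code found")
    return int(m.group(1), 16), [int(p.strip(), 16) for p in m.group(2).split(",")]


def resolve_address(addr: int, mods):
    """Find the module with the highest base <= addr. The list carries no sizes,
    so the next module's base is only an upper bound for where this one ends."""
    bases = [b for b, _ in mods]
    i = bisect_right(bases, addr) - 1
    if i < 0:
        return None
    base, name = mods[i]
    return {"module": name, "base": base, "offset": addr - base,
            "next_base": bases[i + 1] if i + 1 < len(bases) else None}


def triage(stop_text: str, driver_text: str) -> dict:
    """Name the bug check, decode the 0x8E parameters and map the fault address."""
    code, params = parse_stop(stop_text)
    mods = parse_driver_list(driver_text)
    return {
        "stop": STOP_CODES.get(code, f"0x{code:08X}"),
        "exception": NTSTATUS.get(params[0], f"0x{params[0]:08X}"),  # param 1: exception code
        "fault": resolve_address(params[1], mods),                  # param 2: faulting address
        "trap_frame": params[2],                                    # param 3: trap frame
    }


if __name__ == "__main__":
    t = triage(STOP_TEXT, DRIVER_LIST)
    f = t["fault"]
    print(f"{t['stop']}: {t['exception']} at {f['module']}+0x{f['offset']:X} "
          f"(base 0x{f['base']:08X}, next module at 0x{f['next_base']:08X})")
```

For the values in this thread the lookup lands at ntkrnlpa.exe+0x2647EF, below hal.dll's base at 0x81FD1000. The same routine is worth running against the driver list from the failing boot, because that is where any driver loaded only in normal mode, including a malicious one, would appear.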

Re: MBR:\...\PHYSICALDRIVE0

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice:, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press enter
  • Restart your PC.

Re: MBR:\...\PHYSICALDRIVE0

No disrespect, I'm just curious. Why Windows XP MBR codes when I have Vista?
