WiredWX Christian Hobby Weather Tools

Redirect virus

I've tried several products to eradicate the redirect virus but have been unsuccessful. I have used several search engines and when I click on a link, it redirects me to another site.

Here is my OTL log file and the others are to follow shortly. Please help!

OTL logfile created on: 11/1/2011 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 237.28 Mb Available Physical Memory | 46.41% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.66 Gb Free Space | 42.02% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/16 09:30:06 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2003/12/16 09:24:20 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/11/21 18:49:28 | 000,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2003/03/14 15:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2003/12/16 09:29:42 | 000,204,800 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2003/11/14 14:57:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002/12/04 11:57:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2002/12/04 11:57:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 21:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/10 00:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 21:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 15:26:14 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 18:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 17:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 10:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 19:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 18:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 23:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 06:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 23:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 03:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/17 00:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 09:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 21:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 13:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 06:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/28 00:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 18:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 15:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 17:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 20:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 19:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 16:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 17:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 17:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 23:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 15:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.specterproperties.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 14:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 23:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 19:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/30 00:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 19:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 23:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 17:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 21:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
O4 - HKLM..\RunOnce: [AOLRebootNeeded] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151706553260 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C74418-A496-4E76-8E1E-D061794E858D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 20:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "idsvc"
MsConfig - Services: "hkmsvc"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "Fax"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "EapHost"
MsConfig - Services: "DVD-RAM_Service"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "CFSvcs"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "BITS"
MsConfig - Services: "ALG"
MsConfig - Services: "Tmesrv"
MsConfig - Services: "Tmesbs"
MsConfig - Services: "Themes"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "Swupdtmr"
MsConfig - Services: "SamSs"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "SessionLauncher"
MsConfig - Services: "RoxLiveShare10"
MsConfig - Services: "ose"
MsConfig - Services: "NVSvc"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "avg9wd"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "NetFxUpdate_v1.1.4322"
MsConfig - Services: "nosGetPlusHelper"
MsConfig - StartUpReg: 000StTHK - hkey= - key= - File not found
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVRotateSysTray - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: rasMapppm - hkey= - key= - File not found
MsConfig - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TAudEffect - hkey= - key= - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TFNF5 - hkey= - key= - File not found
MsConfig - StartUpReg: TosHKCW.exe - hkey= - key= - C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: TPSMain - hkey= - key= - File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA347303-40DC-8D5F-82FA-87D47689462F} - Internet Explorer
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Re: Redirect virus

Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 21:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 23:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 23:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 23:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 23:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 23:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 23:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 23:00:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/31 22:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 22:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 20:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 15:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 15:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 15:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 15:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 15:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 15:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 15:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 11:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/28 00:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 21:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 18:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2011/10/07 23:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/10/07 23:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/07 23:30:04 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/10/07 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/07 23:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/07 23:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/10/07 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/10/07 23:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/07 23:24:25 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/10/07 23:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/10/07 23:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/07 23:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

Re: Redirect virus

OTL Extras logfile created on: 11/1/2011 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 237.28 Mb Available Physical Memory | 46.41% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.66 Gb Free Space | 42.02% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1145470929\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1145470929\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"E:\uTorrent.exe" = E:\uTorrent.exe:*:Enabled:µTorrent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX9400Fax Series Scanner Driver Update
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{4701BF4D-9DBD-4F3B-953A-AFC3316E821B}" = TOSHIBA Dual Pointing Device Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B9A0703-0191-49CD-8A35-5B463197C619}" = Windows SD Host Controller Driver
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{85376E80-1A9D-4b13-92FE-5B0797FFB7DA}" = Intel(R) PROSet for Wireless
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}" = SurfHere by Toshiba
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D177BD9B-9B11-4E28-8584-E0F93BB33F5B}" = TOSHIBA IPPhone
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F816A1EB-392D-459C-A5A2-8C8B9CD75446}" = TOSHIBA SD Memory Boot Utility
"{FC99D835-CA4A-4E58-82F6-31D0ACF0CACA}" = TOSHIBA Audio Effect
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"lts04" = lts04
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoConnect" = MotoConnect 1.1.31
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel(R) PRO Network Connections Drivers
"Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
"SystemRequirementsLab" = System Requirements Lab
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.59.00.XP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Software Upgrades" = TOSHIBA Software Upgrades
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer Microsoft Writer
(Bootable State) called routine CVssWriterShim::Subscribe which failed with status
0x8000ffff (converted to 0x800423f4).

Error - 10/29/2011 3:49:52 PM | Computer Name = B-C6SPFYDMW376J | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80070422: InitEventCollector fail

Error - 10/29/2011 3:49:53 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 10/29/2011 3:49:53 PM | Computer Name = B-C6SPFYDMW376J | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80070422: InitEventCollector fail

Error - 10/29/2011 3:50:23 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 10/30/2011 3:42:03 PM | Computer Name = B-C6SPFYDMW376J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 11/1/2011 9:06:48 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:06:48 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:07:03 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:27 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

Re: Redirect virus
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 21:44:19
-----------------------------
21:44:19.070 OS Version: Windows 5.1.2600 Service Pack 3
21:44:19.070 Number of processors: 1 586 0x905
21:44:19.070 ComputerName: B-C6SPFYDMW376J UserName: Administrator
21:44:19.821 Initialize success
21:44:34.291 AVAST engine defs: 11110103
21:44:37.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:44:37.736 Disk 0 Vendor: TOSHIBA_MK4025GAS KA101A Size: 38154MB BusType: 3
21:44:39.769 Disk 0 MBR read successfully
21:44:39.769 Disk 0 MBR scan
21:44:40.130 Disk 0 Windows XP default MBR code
21:44:40.270 Disk 0 scanning sectors +78140160
21:44:40.600 Disk 0 scanning C:\WINDOWS\system32\drivers
21:44:58.586 Service scanning
21:45:00.008 Modules scanning
21:45:14.659 Disk 0 trace - called modules:
21:45:14.690 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:45:14.690 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f94ab8]
21:45:14.690 3 CLASSPNP.SYS[f87b4fd7] -> nt!IofCallDriver -> \Device\00000082[0x82f981f8]
21:45:14.700 5 ACPI.sys[f872b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f2fd98]
21:45:15.220 AVAST engine scan C:\WINDOWS
21:45:20.608 AVAST engine scan C:\WINDOWS\system32
21:47:45.166 AVAST engine scan C:\WINDOWS\system32\drivers
21:48:03.642 AVAST engine scan C:\Documents and Settings\Administrator
21:54:49.476 AVAST engine scan C:\Documents and Settings\All Users
21:56:53.254 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
21:56:53.284 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Re: Redirect virus
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Avira Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities Language Pack (en-US)
CCleaner
Java(TM) 6 Update 21
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Re: Redirect virus
Hi there computerchallenged!

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

I see that you have been running ComboFix. It is not a good idea to run ComboFix without being told to do so. ComboFix can solve problems, but it can also create them, and only trained malware fighters should handle it.

Please see if you can find the log so I can have a look at it. It has probably been saved as C:\combofix.txt
Please copy and paste its contents back here.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll

:otl
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()

:commands
[reboot]

  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)
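As an added example (not part of this thread and not an OTL component), the script below shows the reasoning behind the fix above in code: it parses OTL-style MOD, O3 and O4 lines, flags the patterns the helper singled out (a company-less DLL started from a Run key in the user's Local Settings\Application Data, an orphaned toolbar CLSID, a hidden/system module with no company name in system32), and renders the candidates in the :files / :otl / :commands layout of an OTL custom fix. The regexes are an assumption about the line shapes visible in this thread, not OTL's specification, and the sample input is copied from the log posted above plus two benign Avira controls.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; not part of the original posts and not an OTL
component. The regexes below are written against the line shapes visible in
the posted log and are an assumption about the format, not OTL's spec.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample: entries copied from the OTL log posted above, plus two
# benign controls (an Avira module and the Avira Run key) that must not fire.
SAMPLE_LOG = r"""
MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
"""

# MOD - [stamp | size | attrs | M] (company) -- path
MOD_RE = re.compile(
    r"^MOD - \[(?P<stamp>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S+)\s*\|\s*\S\]"
    r"\s*\((?P<company>[^()]*)\)\s*--\s*(?P<path>.+)$")
# O4 - HKxx..\Run: [value name] path (company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)$")
# O3 - HKxx\..\Toolbar\WebBrowser: (name) - {CLSID} - status
O3_RE = re.compile(
    r"^O3 - (?P<hive>HK\w+)\\\.\.\\Toolbar\\WebBrowser: \((?P<name>[^()]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<status>.+)$")
# Per-user writable location that legitimate Run-key DLLs rarely live in on XP.
USER_APPDATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\Local Settings\\Application Data\\", re.IGNORECASE)


class Finding(NamedTuple):
    severity: str             # "high", "medium" or "low"
    line: str                 # the OTL line as logged, reusable verbatim in an :otl section
    reason: str               # why it was flagged
    file_path: Optional[str]  # set only when a file is a candidate for a :files section


def triage_line(line: str) -> Optional[Finding]:
    """Apply the three heuristics to one OTL line; None means nothing stood out."""
    m = O4_RE.match(line)
    if m:
        path, company = m.group("path"), m.group("company").strip()
        # A Run key pointing at a DLL (not an EXE) with an empty company field "()",
        # sitting in the user's Local Settings\Application Data, is the pattern removed above.
        if path.lower().endswith(".dll") and not company and USER_APPDATA_RE.search(path):
            return Finding("high", line,
                           f"Run key [{m.group('name')}] loads a company-less DLL from a user profile",
                           path)
        return None
    m = MOD_RE.match(line)
    if m:
        attr, company, path = m.group("attr"), m.group("company").strip(), m.group("path")
        # Read-only + hidden + system attributes on a company-less module in system32 is
        # unusual for vendor software; report it for review, but do not queue it for deletion.
        if all(flag in attr for flag in "RHS") and not company and "\\system32\\" in path.lower():
            return Finding("medium", line,
                           "hidden/system module with no company name in system32", None)
        return None
    m = O3_RE.match(line)
    if m and "No CLSID value found" in m.group("status"):
        return Finding("low", line,
                       f"toolbar registration {m.group('clsid')} has no CLSID behind it (orphan)", None)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of an OTL log, preserving log order."""
    return [f for f in (triage_line(raw.strip()) for raw in text.splitlines()) if f]


def build_otl_fix(findings: List[Finding]) -> str:
    """Render findings in the layout used above: :files, then :otl, then :commands."""
    files = sorted({f.file_path for f in findings if f.file_path})
    otl_lines = [f.line for f in findings if f.line.startswith(("O3 - ", "O4 - "))]
    parts: List[str] = []
    if files:
        parts += [":files", *files, ""]
    if otl_lines:
        parts += [":otl", *otl_lines, ""]
    parts += [":commands", "[reboot]"]
    return "\n".join(parts)


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print("\nProposed OTL fix:\n" + build_otl_fix(results))
```

The medium-severity system32 finding is deliberately reported but left out of the generated :files section, since a heuristic on attributes alone is not enough to delete a file from system32.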

Re: Redirect virus
Here is the new OTL log.

OTL logfile created on: 11/2/2011 10:15:23 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 191.66 Mb Available Physical Memory | 37.49% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.59% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.49 Gb Free Space | 41.58% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/16 09:30:06 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2003/12/16 09:24:20 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/11/21 18:49:28 | 000,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2003/03/14 15:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2003/12/16 09:29:42 | 000,204,800 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2003/11/14 14:57:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002/12/04 11:57:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2002/12/04 11:57:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 21:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/10 00:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 21:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 15:26:14 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 18:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 17:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 10:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 19:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 18:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 23:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 06:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 23:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 03:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/17 00:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 09:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 21:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 13:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 06:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/28 00:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 18:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 15:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 17:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 20:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 19:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 16:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 17:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 17:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 23:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 15:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.specterproperties.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 14:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 23:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 19:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/30 00:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 19:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 23:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 17:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 21:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151706553260 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C74418-A496-4E76-8E1E-D061794E858D}: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 20:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 21:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 21:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 23:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 23:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 23:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 23:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 23:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 23:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 23:00:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/31 22:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 22:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 20:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 15:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 15:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 15:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 15:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 15:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 15:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 15:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 11:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/28 00:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 21:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 18:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2011/10/07 23:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/10/07 23:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/07 23:30:04 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/10/07 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/07 23:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/07 23:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/10/07 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/10/07 23:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/07 23:24:25 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/10/07 23:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/10/07 23:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/07 23:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 10:24:02 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/02 09:20:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/02 09:20:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/02 09:19:23 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/02 09:19:22 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/02 09:19:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/02 09:19:14 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 21:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 19:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 23:33:48 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.lnk
[2011/10/31 23:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 20:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 20:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 18:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 16:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 15:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 11:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/28 00:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/28 00:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/28 00:03:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 22:12:22 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 22:12:22 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/07 23:30:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/07 23:26:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/01 21:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 23:33:46 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.lnk
[2011/10/31 23:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 23:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 23:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 23:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 23:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 23:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 23:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 21:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 21:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 21:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 21:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 20:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 20:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 20:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 16:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 15:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 11:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/28 00:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/28 00:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/07 23:30:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/07 23:26:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/07 23:24:53 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/09/15 23:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 14:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 14:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 17:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 10:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 10:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 10:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 10:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 10:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 10:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 10:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 10:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 10:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 10:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 10:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 10:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 10:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 10:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 10:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 10:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 10:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 16:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 18:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/21 15:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 15:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 17:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/19 14:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 14:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 22:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 22:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 18:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 15:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 14:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 14:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 14:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 14:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 13:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 13:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 13:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 13:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 13:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 13:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 13:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 13:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 20:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 20:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 20:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 20:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 20:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 19:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 19:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 19:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 19:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 19:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 19:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 19:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 19:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 19:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 19:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 19:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 19:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 12:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 09:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 21:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 21:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 20:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 15:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 14:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 19:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 11:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 11:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 13:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== Custom Scans ==========


< :files >

< C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll >
[2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll

< >

< :otl >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. >

< O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll () >

< >

< :commands >

< [reboot] >

< End of report >

Re: Redirect virus
I tried to "run fix" but it said a reboot was required, so I rebooted. Upon reboot, I tried to "run fix" and a pop-up window came up. It said, "No fix has been provided. Click OK to load it from a file or Cancel to cancel."

What steps do I take from here? The log I just posted was before I tried to "run fix".

ComboFix froze and never completed, but I'll look for the log.

Re: Redirect virus
This was the log I found in "moved files" folder.

========== FILES ==========
C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll moved successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\acxobjmon deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_102919

Re: Redirect virus
Cannot locate combofix.txt

Re: Redirect virus
Redirects still happening?

If no, skip the TDSSKiller step and go on to the next.

====================

  • Download TDSSKiller by Kaspersky from here and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


====================

Please download Malwarebytes' Anti-Malware from here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Re: Redirect virus
Still having redirect issues. TDSSKiller report:

11:24:15.0478 2640 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
11:24:16.0129 2640 ============================================================
11:24:16.0129 2640 Current date / time: 2011/11/02 11:24:16.0129
11:24:16.0129 2640 SystemInfo:
11:24:16.0129 2640
11:24:16.0129 2640 OS Version: 5.1.2600 ServicePack: 3.0
11:24:16.0129 2640 Product type: Workstation
11:24:16.0129 2640 ComputerName: B-C6SPFYDMW376J
11:24:16.0129 2640 UserName: Administrator
11:24:16.0129 2640 Windows directory: C:\WINDOWS
11:24:16.0129 2640 System windows directory: C:\WINDOWS
11:24:16.0129 2640 Processor architecture: Intel x86
11:24:16.0129 2640 Number of processors: 1
11:24:16.0129 2640 Page size: 0x1000
11:24:16.0129 2640 Boot type: Normal boot
11:24:16.0129 2640 ============================================================
11:24:18.0372 2640 Initialize success
11:26:16.0172 3840 ============================================================
11:26:16.0172 3840 Scan started
11:26:16.0172 3840 Mode: Manual;
11:26:16.0172 3840 ============================================================
11:26:19.0477 3840 Abiosdsk - ok
11:26:19.0957 3840 abp480n5 - ok
11:26:20.0278 3840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:26:20.0288 3840 ACPI - ok
11:26:20.0448 3840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:26:20.0508 3840 ACPIEC - ok
11:26:20.0618 3840 adpu160m - ok
11:26:20.0718 3840 aeaudio (2c5b1f8142a96233c07c93328b5ea635) C:\WINDOWS\system32\drivers\aeaudio.sys
11:26:20.0738 3840 aeaudio - ok
11:26:20.0869 3840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:26:20.0869 3840 aec - ok
11:26:21.0019 3840 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
11:26:21.0019 3840 Afc - ok
11:26:21.0119 3840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:26:21.0119 3840 AFD - ok
11:26:21.0299 3840 AgereSoftModem (e66ae825c42b668a90e67e7e41eeeee7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:26:21.0329 3840 AgereSoftModem - ok
11:26:21.0479 3840 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:26:21.0530 3840 agp440 - ok
11:26:21.0600 3840 Aha154x - ok
11:26:21.0670 3840 aic78u2 - ok
11:26:21.0770 3840 aic78xx - ok
11:26:21.0840 3840 AliIde - ok
11:26:21.0900 3840 amsint - ok
11:26:22.0050 3840 ApfiltrService (4560a7079a53db71b1da013b8d18baf0) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:26:22.0050 3840 ApfiltrService - ok
11:26:22.0140 3840 asc - ok
11:26:22.0201 3840 asc3350p - ok
11:26:22.0281 3840 asc3550 - ok
11:26:22.0481 3840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:26:22.0521 3840 AsyncMac - ok
11:26:22.0631 3840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:26:22.0631 3840 atapi - ok
11:26:22.0731 3840 Atdisk - ok
11:26:22.0821 3840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:26:22.0871 3840 Atmarpc - ok
11:26:23.0022 3840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:26:23.0022 3840 audstub - ok
11:26:23.0142 3840 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:26:23.0142 3840 avgntflt - ok
11:26:23.0252 3840 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:26:23.0252 3840 avipbb - ok
11:26:23.0422 3840 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:26:23.0422 3840 avkmgr - ok
11:26:23.0552 3840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:26:23.0552 3840 Beep - ok
11:26:23.0693 3840 catchme - ok
11:26:23.0833 3840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:26:23.0873 3840 cbidf2k - ok
11:26:23.0953 3840 cd20xrnt - ok
11:26:24.0053 3840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:26:24.0053 3840 Cdaudio - ok
11:26:24.0203 3840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:26:24.0203 3840 Cdfs - ok
11:26:24.0284 3840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:26:24.0284 3840 Cdrom - ok
11:26:24.0424 3840 Changer - ok
11:26:24.0594 3840 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:26:24.0594 3840 CmBatt - ok
11:26:24.0664 3840 CmdIde - ok
11:26:24.0734 3840 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:26:24.0774 3840 Compbatt - ok
11:26:24.0904 3840 Cpqarray - ok
11:26:24.0985 3840 dac2w2k - ok
11:26:25.0035 3840 dac960nt - ok
11:26:25.0145 3840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:26:25.0205 3840 Disk - ok
11:26:25.0385 3840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:26:25.0455 3840 dmboot - ok
11:26:25.0585 3840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:26:25.0625 3840 dmio - ok
11:26:25.0736 3840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:26:25.0776 3840 dmload - ok
11:26:25.0896 3840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:26:25.0906 3840 DMusic - ok
11:26:26.0016 3840 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:26:26.0066 3840 dot4 - ok
11:26:26.0166 3840 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:26:26.0206 3840 Dot4Print - ok
11:26:26.0346 3840 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
11:26:26.0437 3840 Dot4Scan - ok
11:26:26.0547 3840 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
11:26:26.0587 3840 dot4usb - ok
11:26:26.0707 3840 dpti2o - ok
11:26:26.0807 3840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:26:26.0807 3840 drmkaud - ok
11:26:26.0917 3840 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:26:26.0917 3840 E100B - ok
11:26:27.0068 3840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:26:27.0128 3840 Fastfat - ok
11:26:27.0248 3840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:26:27.0258 3840 Fdc - ok
11:26:27.0328 3840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:26:27.0328 3840 Fips - ok
11:26:27.0478 3840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:26:27.0478 3840 Flpydisk - ok
11:26:27.0598 3840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:26:27.0628 3840 FltMgr - ok
11:26:27.0698 3840 FreshIO - ok
11:26:27.0779 3840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:26:27.0779 3840 Fs_Rec - ok
11:26:27.0919 3840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:26:27.0969 3840 Ftdisk - ok
11:26:28.0099 3840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:26:28.0099 3840 GEARAspiWDM - ok
11:26:28.0249 3840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:26:28.0259 3840 Gpc - ok
11:26:28.0369 3840 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
11:26:28.0470 3840 gv3 - ok
11:26:28.0600 3840 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:26:28.0600 3840 HidUsb - ok
11:26:28.0670 3840 hpn - ok
11:26:28.0790 3840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:26:28.0800 3840 HTTP - ok
11:26:28.0900 3840 i2omgmt - ok
11:26:28.0960 3840 i2omp - ok
11:26:29.0070 3840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:26:29.0080 3840 i8042prt - ok
11:26:29.0201 3840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:26:29.0201 3840 Imapi - ok
11:26:29.0271 3840 ini910u - ok
11:26:29.0401 3840 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:26:29.0531 3840 IntelIde - ok
11:26:29.0681 3840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:26:29.0681 3840 intelppm - ok
11:26:29.0761 3840 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:26:29.0811 3840 ip6fw - ok
11:26:29.0922 3840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:26:29.0972 3840 IpFilterDriver - ok
11:26:30.0122 3840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:26:30.0152 3840 IpInIp - ok
11:26:30.0242 3840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:26:30.0252 3840 IpNat - ok
11:26:30.0362 3840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:26:30.0362 3840 IPSec - ok
11:26:30.0522 3840 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
11:26:30.0522 3840 irda - ok
11:26:30.0593 3840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:26:30.0603 3840 IRENUM - ok
11:26:30.0713 3840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:26:30.0773 3840 isapnp - ok
11:26:30.0893 3840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:26:30.0893 3840 Kbdclass - ok
11:26:30.0993 3840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:26:31.0003 3840 kmixer - ok
11:26:31.0163 3840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:26:31.0193 3840 KSecDD - ok
11:26:31.0294 3840 lbrtfdc - ok
11:26:31.0404 3840 MBAMSwissArmy - ok
11:26:31.0734 3840 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
11:26:31.0734 3840 MCSTRM - ok
11:26:31.0844 3840 MDC8021X (0f528e44cdc78365be693ae723e3801c) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
11:26:31.0844 3840 MDC8021X - ok
11:26:31.0995 3840 meiudf (766a1d242f4390ddf1243084898a20c9) C:\WINDOWS\system32\Drivers\meiudf.sys
11:26:31.0995 3840 meiudf - ok
11:26:32.0125 3840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:26:32.0125 3840 mnmdd - ok
11:26:32.0245 3840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:26:32.0245 3840 Modem - ok
11:26:32.0365 3840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:26:32.0365 3840 Mouclass - ok
11:26:32.0525 3840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:26:32.0525 3840 mouhid - ok
11:26:32.0646 3840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:26:32.0676 3840 MountMgr - ok
11:26:32.0796 3840 mraid35x - ok
11:26:32.0946 3840 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:26:32.0986 3840 MREMP50 - ok
11:26:32.0996 3840 MREMPR5 - ok
11:26:33.0006 3840 MRENDIS5 - ok
11:26:33.0036 3840 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:26:33.0086 3840 MRESP50 - ok
11:26:33.0256 3840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:26:33.0306 3840 MRxDAV - ok
11:26:33.0497 3840 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:26:33.0507 3840 MRxSmb - ok
11:26:33.0647 3840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:26:33.0647 3840 Msfs - ok
11:26:33.0737 3840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:26:33.0777 3840 MSKSSRV - ok
11:26:33.0877 3840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:26:33.0917 3840 MSPCLOCK - ok
11:26:34.0048 3840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:26:34.0118 3840 MSPQM - ok
11:26:34.0228 3840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:26:34.0238 3840 mssmbios - ok
11:26:34.0388 3840 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:26:34.0488 3840 Mup - ok
11:26:34.0648 3840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:26:34.0708 3840 NDIS - ok
11:26:34.0869 3840 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:26:34.0869 3840 NdisTapi - ok
11:26:34.0929 3840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:26:34.0929 3840 Ndisuio - ok
11:26:35.0049 3840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:26:35.0049 3840 NdisWan - ok
11:26:35.0179 3840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:26:35.0179 3840 NDProxy - ok
11:26:35.0279 3840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:26:35.0279 3840 NetBIOS - ok
11:26:35.0420 3840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:26:35.0420 3840 NetBT - ok
11:26:35.0610 3840 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
11:26:35.0610 3840 Netdevio - ok
11:26:35.0720 3840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:26:35.0720 3840 Npfs - ok
11:26:35.0870 3840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:26:35.0920 3840 Ntfs - ok
11:26:36.0080 3840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:26:36.0080 3840 Null - ok
11:26:36.0271 3840 nv (f409d1bf29c59c94c62940d6fc0287ed) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:26:36.0301 3840 nv - ok
11:26:36.0511 3840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:26:36.0561 3840 NwlnkFlt - ok
11:26:36.0661 3840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:26:36.0711 3840 NwlnkFwd - ok
11:26:36.0862 3840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:26:36.0872 3840 Parport - ok
11:26:36.0942 3840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:26:36.0972 3840 PartMgr - ok
11:26:37.0082 3840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:26:37.0082 3840 ParVdm - ok
11:26:37.0232 3840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:26:37.0262 3840 PCI - ok
11:26:37.0332 3840 PCIDump - ok
11:26:37.0462 3840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:26:37.0563 3840 PCIIde - ok
11:26:37.0723 3840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:26:37.0763 3840 Pcmcia - ok
11:26:37.0823 3840 PDCOMP - ok
11:26:37.0903 3840 PDFRAME - ok
11:26:37.0993 3840 PDRELI - ok
11:26:38.0053 3840 PDRFRAME - ok
11:26:38.0113 3840 perc2 - ok
11:26:38.0194 3840 perc2hib - ok
11:26:38.0344 3840 portio (a8ee1056229f1ea2b2fd1dae7e98af4e) C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
11:26:38.0384 3840 portio - ok
11:26:38.0594 3840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:26:38.0594 3840 PptpMiniport - ok
11:26:38.0664 3840 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:26:38.0664 3840 Processor - ok
11:26:38.0744 3840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:26:38.0744 3840 PSched - ok
11:26:38.0854 3840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:26:38.0854 3840 Ptilink - ok
11:26:38.0955 3840 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
11:26:38.0995 3840 PxHelp20 - ok
11:26:39.0075 3840 ql1080 - ok
11:26:39.0155 3840 Ql10wnt - ok
11:26:39.0235 3840 ql12160 - ok
11:26:39.0295 3840 ql1240 - ok
11:26:39.0365 3840 ql1280 - ok
11:26:39.0505 3840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:26:39.0505 3840 RasAcd - ok
11:26:39.0656 3840 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:26:39.0656 3840 Rasirda - ok
11:26:39.0786 3840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:26:39.0786 3840 Rasl2tp - ok
11:26:39.0896 3840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:26:39.0896 3840 RasPppoe - ok
11:26:40.0016 3840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:26:40.0016 3840 Raspti - ok
11:26:40.0146 3840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:26:40.0156 3840 Rdbss - ok
11:26:40.0297 3840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:26:40.0297 3840 RDPCDD - ok
11:26:40.0387 3840 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:26:40.0397 3840 rdpdr - ok
11:26:40.0577 3840 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:26:40.0617 3840 RDPWD - ok
11:26:40.0737 3840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:26:40.0737 3840 redbook - ok
11:26:40.0877 3840 s24trans (20f5dd9defbfa3f006082817163fd4f0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:26:40.0887 3840 s24trans - ok
11:26:41.0068 3840 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:26:41.0068 3840 sdbus - ok
11:26:41.0168 3840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:26:41.0218 3840 Secdrv - ok
11:26:41.0378 3840 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:26:41.0378 3840 serenum - ok
11:26:41.0508 3840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:26:41.0508 3840 Serial - ok
11:26:41.0618 3840 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11:26:41.0669 3840 sffdisk - ok
11:26:41.0799 3840 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11:26:41.0849 3840 sffp_sd - ok
11:26:41.0969 3840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
11:26:42.0019 3840 Sfloppy - ok
11:26:42.0129 3840 Simbad - ok
11:26:42.0219 3840 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:26:42.0219 3840 SMCIRDA - ok
11:26:42.0390 3840 smwdm (5f0e2e868030ec4f0cb6e608267d3541) C:\WINDOWS\system32\drivers\smwdm.sys
11:26:42.0400 3840 smwdm - ok
11:26:42.0520 3840 Sparrow - ok
11:26:42.0630 3840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:26:42.0630 3840 splitter - ok
11:26:42.0730 3840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:26:42.0770 3840 sr - ok
11:26:42.0930 3840 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:26:42.0940 3840 Srv - ok
11:26:43.0061 3840 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:26:43.0061 3840 ssmdrv - ok
11:26:43.0201 3840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:26:43.0201 3840 swenum - ok
11:26:43.0281 3840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:26:43.0281 3840 swmidi - ok
11:26:43.0361 3840 symc810 - ok
11:26:43.0481 3840 symc8xx - ok
11:26:43.0541 3840 sym_hi - ok
11:26:43.0601 3840 sym_u3 - ok
11:26:43.0701 3840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:26:43.0711 3840 sysaudio - ok
11:26:43.0882 3840 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\System32\drivers\TBiosDrv.sys
11:26:43.0882 3840 TBiosDrv - ok
11:26:44.0002 3840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:26:44.0012 3840 Tcpip - ok
11:26:44.0122 3840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:26:44.0172 3840 TDPIPE - ok
11:26:44.0272 3840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:26:44.0322 3840 TDTCP - ok
11:26:44.0463 3840 TEchoCan (dd914af7d64c96821fd5695c22636d1d) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
11:26:44.0513 3840 TEchoCan - ok
11:26:44.0693 3840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:26:44.0693 3840 TermDD - ok
11:26:44.0813 3840 TMEI3E (dde020c16673b702d7235b0d96d34fd7) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
11:26:44.0813 3840 TMEI3E - ok
11:26:44.0883 3840 TosIde - ok
11:26:45.0033 3840 tosporte (798f49166c4ac5b923c1087e5a6fcdfa) C:\WINDOWS\system32\DRIVERS\tosporte.sys
11:26:45.0033 3840 tosporte - ok
11:26:45.0144 3840 Tosrfbd (6b3fbb12a3eef2cda102a114f92e0a51) C:\WINDOWS\system32\Drivers\tosrfbd.sys
11:26:45.0174 3840 Tosrfbd - ok
11:26:45.0284 3840 Tosrfbnp (a217494ea392b07dbbe5a92d10a57ecd) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
11:26:45.0334 3840 Tosrfbnp - ok
11:26:45.0474 3840 Tosrfcom (fbdacbeb53d712574f362c3f7fb133b5) C:\WINDOWS\system32\Drivers\tosrfcom.sys
11:26:45.0474 3840 Tosrfcom - ok
11:26:45.0574 3840 tosrfec (75b20ee4d4f6bc610d3ac10896d78606) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
11:26:45.0624 3840 tosrfec - ok
11:26:45.0754 3840 Tosrfhid (1ca96125db431ef4b1c0fd15fcbd05c5) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
11:26:45.0794 3840 Tosrfhid - ok
11:26:45.0915 3840 tosrfnds (ca182a32ded1dffc220793a0e95de5b5) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
11:26:45.0935 3840 tosrfnds - ok
11:26:46.0075 3840 Tosrfusb (0c6db0b117040fe6511cbeb2e65b1643) C:\WINDOWS\system32\Drivers\tosrfusb.sys
11:26:46.0115 3840 Tosrfusb - ok
11:26:46.0275 3840 tossmbnt (b3b20cd6ab0c9ef8feef9fbbe04f1cb2) C:\WINDOWS\system32\drivers\tossmbnt.sys
11:26:46.0275 3840 tossmbnt - ok
11:26:46.0395 3840 TVALZ (9d8fcc6099d641d7c2bdc7f41193bec5) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
11:26:46.0495 3840 TVALZ - ok
11:26:46.0726 3840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:26:46.0726 3840 Udfs - ok
11:26:46.0796 3840 ultra - ok
11:26:46.0916 3840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:26:46.0926 3840 Update - ok
11:26:47.0076 3840 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:26:47.0116 3840 USBAAPL - ok
11:26:47.0237 3840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:26:47.0267 3840 usbccgp - ok
11:26:47.0387 3840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:26:47.0397 3840 usbehci - ok
11:26:47.0517 3840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:26:47.0517 3840 usbhub - ok
11:26:47.0617 3840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:26:47.0667 3840 usbprint - ok
11:26:47.0807 3840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:26:47.0837 3840 usbscan - ok
11:26:47.0958 3840 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
11:26:48.0008 3840 usbsermpt - ok
11:26:48.0138 3840 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
11:26:48.0168 3840 usbsermptxp - ok
11:26:48.0298 3840 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:26:48.0328 3840 USBSTOR - ok
11:26:48.0458 3840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:26:48.0458 3840 usbuhci - ok
11:26:48.0619 3840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:26:48.0619 3840 VgaSave - ok
11:26:48.0679 3840 ViaIde - ok
11:26:48.0789 3840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:26:48.0839 3840 VolSnap - ok
11:26:49.0079 3840 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
11:26:49.0159 3840 w22n51 - ok
11:26:49.0350 3840 w70n51 (3eccbb3689807787cd4c0fed20b1d0d8) C:\WINDOWS\system32\DRIVERS\w70n51.sys
11:26:49.0370 3840 w70n51 - ok
11:26:49.0850 3840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:26:49.0860 3840 Wanarp - ok
11:26:50.0141 3840 wceusbsh (56242d5be3bfc8f2a212e6d1f9a16697) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:26:50.0191 3840 wceusbsh - ok
11:26:50.0301 3840 WDICA - ok
11:26:50.0421 3840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:26:50.0431 3840 wdmaud - ok
11:26:50.0591 3840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:26:50.0621 3840 WudfPf - ok
11:26:50.0752 3840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:26:50.0812 3840 WudfRd - ok
11:26:50.0872 3840 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:26:50.0952 3840 \Device\Harddisk0\DR0 - ok
11:26:50.0962 3840 Boot (0x1200) (e782df6f99571c6815978867528b1aba) \Device\Harddisk0\DR0\Partition0
11:26:50.0962 3840 \Device\Harddisk0\DR0\Partition0 - ok
11:26:50.0972 3840 ============================================================
11:26:50.0972 3840 Scan finished
11:26:50.0972 3840 ============================================================
11:26:50.0982 2604 Detected object count: 0
11:26:50.0982 2604 Actual detected object count: 0

Re: Redirect virus

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8068

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/2/2011 11:45:32 AM
mbam-log-2011-11-02 (11-45-32).txt

Scan type: Quick scan
Objects scanned: 169499
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Redirect virus

I noticed it states Internet Explorer 8.0 but I am using Firefox. Not sure if that makes a difference or not.

Re: Redirect virus

Could you verify if redirects also happen in Internet Explorer?

If they only occur in Firefox, please run this:

Please download GooredFix by jpshortstuff from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (WIN XP), or right-click and select Run As Administrator (Vista/WIN7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: Redirect virus

Redirects happen with Internet Explorer too.

Re: Redirect virus

Let's have a look at whether your router was compromised.

We need to know the DNS (Domain Name Server) settings of your router. To find out the DNS settings of your router, you will have to access your router (requiring username and password) and look up those settings.
If you don't know how to do that, please consult the manual of the router. If you can't locate this manual, you can try:
  • To download the manual at the website of the router's manufacturer.
  • Consult this webpage. It will explain for various brands of routers how to change DNS settings (Don't actually change anything! Just list the IP addresses that your router reports as DNS servers).

An example of what we are looking for:
[screenshot of a D-Link DIR-855 router's DNS settings page]
In the above example, you would report to me "208.67.222.222" and "208.67.220.220".

If you don´t find the option of DNS servers, depending on the type of router, you might have to look under an option called "DHCP Server" and find the settings for the DNS servers, which by some routers is called "Static DNS".

Please let me know if you run into any kind of trouble.
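The router check above boils down to one question per address: is the DNS server the router itself, a public resolver you recognise, or something else that needs explaining? The script below is an added example, not part of the thread; it applies that test to resolver addresses pulled from `ipconfig /all` output (the same addresses the router page shows, as seen from the PC). The `ipconfig` text is constructed, 203.0.113.77 is a documentation address standing in for whatever a hijacked configuration would show, and the allowlist holds only the two OpenDNS addresses quoted above plus Google's public resolvers.

```python
"""Classify the DNS server addresses a router or PC reports.  Added example,
not part of the thread.  Sample 'ipconfig /all' text is constructed; the
allowlist is an assumption (OpenDNS from the thread, plus Google's resolvers)."""
import ipaddress
import re

# Public resolvers an analyst recognises on sight (assumption: short allowlist).
KNOWN_PUBLIC_RESOLVERS = {
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
}

# Addresses that can only be the LAN itself: RFC 1918, link-local, loopback.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def classify_dns_server(addr_text):
    """'unset' (0.0.0.0 as in 'Static DNS 1-3'), 'lan' (the router, e.g.
    10.1.10.1), 'known-public', or 'unknown-public', the verdict worth
    reporting back to the helper."""
    addr = ipaddress.ip_address(addr_text)
    if addr.is_unspecified:
        return "unset"
    if any(addr in net for net in LAN_RANGES):
        return "lan"
    if addr_text in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    return "unknown-public"


IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def dns_servers_from_ipconfig(text):
    """Pull resolver addresses out of 'ipconfig /all' output: the first one
    sits on the 'DNS Servers' line, further ones on address-only
    continuation lines directly below it."""
    servers, collecting = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            m = re.search(IPV4, line)
            if m:
                servers.append(m.group(1))
            continue
        if collecting:
            m = re.fullmatch(r"\s*" + IPV4 + r"\s*", line)
            if m:
                servers.append(m.group(1))
                continue
            collecting = False
    return servers


def audit(text):
    """Map each resolver found in the ipconfig text to its verdict."""
    return {s: classify_dns_server(s) for s in dns_servers_from_ipconfig(text)}


# Constructed sample: router first, then an unexpected public resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.1.10.23
        Default Gateway . . . . . . . . . : 10.1.10.1
        DHCP Server . . . . . . . . . . . : 10.1.10.1
        DNS Servers . . . . . . . . . . . : 10.1.10.1
                                            203.0.113.77
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_IPCONFIG).items():
        print(f"{server:<16} {verdict}")
```

A `lan` verdict such as 10.1.10.1 only says the PC asks the router; the router's own upstream entries (the "Static DNS" fields in the post above) are the next hop to read. Run the same check on the affected PC's `ipconfig /all` as well, because a changed resolver can live in the Windows interface settings rather than in the router.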

Re: Redirect virus

Router as in wireless router? I have the computer here at work now and it is connected to my work wireless router, and it is doing the same thing here as it did at home.

Re: Redirect virus

So it is not your router either!

This bugger is well hidden if aswMBR and TDSSKiller cannot find it.

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double-click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.

Re: Redirect virus

FYI - GMER scanner still running.

Re: Redirect virus

The GMER scan took a long time, but here is the report. And as an FYI: I saved the report, but when I copied and pasted it into this window, it wouldn't post. This area showed blank and I tried to refresh the screen, but it wouldn't come up. So I copied the file to a flash drive, loaded it on my work computer and then logged in and pasted it from my work computer.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-03 16:54:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4025GAS rev.KA101A
Running: i33julyi.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfgdypog.sys


---- System - GMER 1.0.15 ----

SSDT F8E54894 ZwClose
SSDT F8E5484E ZwCreateKey
SSDT F8E5489E ZwCreateSection
SSDT F8E54844 ZwCreateThread
SSDT F8E54853 ZwDeleteKey
SSDT F8E5485D ZwDeleteValueKey
SSDT F8E5488F ZwDuplicateObject
SSDT F8E54862 ZwLoadKey
SSDT F8E54830 ZwOpenProcess
SSDT F8E54835 ZwOpenThread
SSDT F8E548B7 ZwQueryValueKey
SSDT F8E5486C ZwReplaceKey
SSDT F8E548A8 ZwRequestWaitReplyPort
SSDT F8E54867 ZwRestoreKey
SSDT F8E548A3 ZwSetContextThread
SSDT F8E548AD ZwSetSecurityObject
SSDT F8E54858 ZwSetValueKey
SSDT F8E548B2 ZwSystemDebugControl
SSDT F8E5483F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 15C 804E27C8 1 Byte [8F]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7B4A340, 0x1066EF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234BE0, 0xF8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----
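The helper read the GMER output above as clean. The script below is an added example, not part of the thread or of GMER; it shows the arithmetic an analyst does on the SSDT lines before agreeing: it parses the hook lines copied from the log above, groups the handler addresses by 4 KiB page (the x86 page size, an assumption stated in the code) and profiles which kinds of system calls are hooked. The name-based categories are my own grouping, not GMER's.

```python
"""Triage the 'SSDT' lines of a GMER log: cluster handler addresses by page
and profile the hooked system calls.  Added example, not part of the thread
or of GMER.  GMER_SSDT_LINES is copied from the log above; page size and the
call categories are assumptions."""
import re

GMER_SSDT_LINES = """\
SSDT F8E54894 ZwClose
SSDT F8E5484E ZwCreateKey
SSDT F8E5489E ZwCreateSection
SSDT F8E54844 ZwCreateThread
SSDT F8E54853 ZwDeleteKey
SSDT F8E5485D ZwDeleteValueKey
SSDT F8E5488F ZwDuplicateObject
SSDT F8E54862 ZwLoadKey
SSDT F8E54830 ZwOpenProcess
SSDT F8E54835 ZwOpenThread
SSDT F8E548B7 ZwQueryValueKey
SSDT F8E5486C ZwReplaceKey
SSDT F8E548A8 ZwRequestWaitReplyPort
SSDT F8E54867 ZwRestoreKey
SSDT F8E548A3 ZwSetContextThread
SSDT F8E548AD ZwSetSecurityObject
SSDT F8E54858 ZwSetValueKey
SSDT F8E548B2 ZwSystemDebugControl
SSDT F8E5483F ZwTerminateProcess
"""

SSDT_LINE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")


def parse_ssdt_hooks(text):
    """Return [(handler_address, syscall_name), ...] for every SSDT line."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if m:
            hooks.append((int(m.group(1), 16), m.group(2)))
    return hooks


def category(syscall):
    """Rough grouping by what the hooked call touches (assumption: by name)."""
    if "Key" in syscall:
        return "registry"
    if "Process" in syscall:
        return "process"
    if "Thread" in syscall:
        return "thread"
    if "Debug" in syscall:
        return "debug"
    if "Port" in syscall:
        return "lpc"
    return "object"


def cluster_by_page(hooks, page_size=0x1000):
    """Group handlers by the page they live in.  Handlers spread over many
    pages point at several modules; one page points at one module."""
    pages = {}
    for addr, name in hooks:
        pages.setdefault(addr & ~(page_size - 1), []).append((addr, name))
    return pages


def profile(text):
    """Summarise hook count, page clusters, address span and call categories."""
    hooks = parse_ssdt_hooks(text)
    addrs = [a for a, _ in hooks]
    counts = {}
    for _, name in hooks:
        counts[category(name)] = counts.get(category(name), 0) + 1
    return {
        "hooks": len(hooks),
        "pages": len(cluster_by_page(hooks)),
        "span_bytes": (max(addrs) - min(addrs)) if addrs else 0,
        "lowest": min(addrs) if addrs else None,
        "by_category": counts,
    }


if __name__ == "__main__":
    for key, value in profile(GMER_SSDT_LINES).items():
        print(f"{key:>12}: {value:#x}" if key == "lowest" else f"{key:>12}: {value}")
```

For this log all nineteen handlers lie within 135 bytes of each other in the single page 0xF8E54000, so one driver installed them all, and the hooked set (process open and terminate, thread creation and context, registry writes, debug control, object security) is the usual profile of a self-protection driver. GMER does not name the owning module; resolving that address range to a loaded driver is the step that separates a benign hook set from a malicious one.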

Re: Redirect virus

There is no sign of anything!

Could you perform the router check as I requested before?
It could be possible that both routers you work with have been hacked.

Re: Redirect virus

I'm at my work now and accessed the router info.

Login Type: Automatic Configuration - DHCP

DHCP Server: (only has option to enable or disable) it is enabled

Then it gives starting IP address

Static DNS 1-3 are all 0.0.0.0
When I go under the status tab, the only DNS number I can find is:

DNS 1 10.1.10.1

I checked every setting and those are the only ones with "DNS"

Keep in mind, the desktop here at work does not have the redirect problem.

Not sure if this will help. I googled "nfl schedule". The search result page came up. The first one on the list was NFL Games and has a web address of www.nfl.com, which should be a safe site. I right-clicked on the link and copied it. This is where it says it's going to send me:

http://www.google.com/url?url=http://www.nfl.com/&rct=j&sa=X&ei=f-izTse5HcX40gHpy4yVBA&ved=0CCQQ4wEwAA&q=nfl+schedule+2011&usg=AFQjCNGc1PwNYhAF3bW5CguhZrL3i2lkSw

I actually clicked on the link itself and this is where it took me:

http://www.autogrids.com/results1.aspx?keywords=nfl+schedule+2011&domaingroup=rehab-a&referrer=adcomtq&camp=0-a-hightqspread-tq-adcom&group=nfl+schedule+2011&keyword=nfl+schedule+2011&creativeid=and2-2752

Sometimes I can cut the first part of the string and get to the website it is supposed to go to.

Not sure if this helps or not.
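The two URLs in the post above contain the whole story of one hijacked click: the Google result link carries the intended destination in its `url=` parameter, and the page the browser landed on is a different host. The script below is an added example, not part of the thread; it extracts the intended target from the redirector URL and compares its registrable domain against where the click actually ended up. The two URLs are the ones pasted above; the two-label "registrable host" shortcut and the `www.google.` hostname test are assumptions that hold for these .com addresses.

```python
"""Compare where a search-result link says it will go with where the browser
actually landed.  Added example, not part of the thread.  CLAIMED and LANDED
are the two URLs pasted in the post above."""
from urllib.parse import urlparse, parse_qs

# Google result link as copied from the right-click menu (from the post).
CLAIMED = ("http://www.google.com/url?url=http://www.nfl.com/&rct=j&sa=X"
           "&ei=f-izTse5HcX40gHpy4yVBA&ved=0CCQQ4wEwAA&q=nfl+schedule+2011"
           "&usg=AFQjCNGc1PwNYhAF3bW5CguhZrL3i2lkSw")
# Where the browser actually ended up after clicking it (from the post).
LANDED = ("http://www.autogrids.com/results1.aspx?keywords=nfl+schedule+2011"
          "&domaingroup=rehab-a&referrer=adcomtq&camp=0-a-hightqspread-tq-adcom"
          "&group=nfl+schedule+2011&keyword=nfl+schedule+2011&creativeid=and2-2752")


def intended_target(link):
    """Return the URL a google.com/url redirector is meant to forward to.
    Google puts the destination in 'url' (older links used 'q'); anything that
    is not a Google redirector is its own target.  Hostname test is an
    assumption that covers google.com and other www.google.<tld> hosts."""
    parsed = urlparse(link)
    host = (parsed.hostname or "").lower()
    if not (host.startswith("www.google.") or host.startswith("google.")) \
            or parsed.path != "/url":
        return link
    params = parse_qs(parsed.query)
    for key in ("url", "q"):
        if key in params and params[key][0].startswith("http"):
            return params[key][0]
    return None


def registrable_host(url):
    """Crude eTLD+1: the last two labels of the hostname (assumption: fine
    for .com names, wrong for co.uk-style suffixes)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def classify_click(claimed, landed):
    """('ok', target) when the landing host matches the intended target,
    ('hijacked', target, landed_host) when the click went somewhere else,
    ('unparseable', claimed) when no destination could be extracted."""
    target = intended_target(claimed)
    if target is None:
        return ("unparseable", claimed)
    if registrable_host(target) == registrable_host(landed):
        return ("ok", target)
    return ("hijacked", target, registrable_host(landed))


if __name__ == "__main__":
    print(classify_click(CLAIMED, LANDED))
```

The user's observation that cutting the first part of the string sometimes reaches the real site is the same fact seen from the other side: the `url=` value is the destination Google meant, and something between the click and the page load swapped it for the autogrids.com address.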

Re: Redirect virus

hmmm

We'll try ComboFix and, if that does not give us any new info, go to a boot disk.

ComboFix by sUBs is a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

Note that I will be offline in the weekend. We might need to continue next week.

Re: Redirect virus

running combofix now. Will post log when I finish. Thank you for your time and if we can't get this done today, that is fine. I'm just happy for the fact that you are helping me. Enjoy the weekend!!

Re: Redirect virus

ComboFix has been running for almost 2 hrs and it changed the time on the clock, but nothing else is coming up. Not even Stage 1 or anything. How long does this scan typically take? I haven't touched the computer, don't worry. Was just wondering how long the scan takes.

Re: Redirect virus

A scan should normally be finished in (much) less than 15 minutes.

Not working?

Re: Redirect virus

No, it did not work. I let it try to run for 5 hrs. I had to leave work and tried to close out of the program, but it wouldn't respond. My mouse was the only thing working and I couldn't shut down safely. I had to hold down the power button to get it to turn off.

I noticed when you say download it, to save it to the desktop but with Firefox, it does not give an option where to save it to, it automatically goes into a download folder.

Should I delete and do another install using Internet Explorer? Or should I try to run it in safe mode?

Re: Redirect virus

Try this

Please visit this webpage and read the tutorial on using ComboFix very carefully. After that proceed to download ComboFix, but rename it during the download, to make sure the malware does not interfere.

The easiest is to download using Internet Explorer. If you insist on using Mozilla Firefox, you have to make a change to its configuration:
Tools >> Options >> General >> Downloads >> select Always ask me where to save files.

Use one of the links in the guide to download ComboFix and when your browser asks you where to save it, change the name of the file to svchost.exe and save it to your desktop.

Double-click svchost.exe to run the tool. Please post its log back here.

Re: Redirect virus

Followed the directions to a T. I used Internet Explorer to download it. Renamed it to svchost.exe. Turned off Anti-virus and double clicked to run program. Scan has been running for about 45 minutes now.

Re: Redirect virus

It seems the infection resists all our tools.

It does not happen often that ComboFix, TDSSKiller, GMER and aswMBR all fail.
The next possible solution uses a boot disk. See if that gets us somewhere.

====================

Please download MBRCheck by a_d_13 from either of the following mirrors and save it to your system disk (probably C:\).

====================

We are going to use a boot CD to help us with your problem.

  • You will need a blank CD to burn the boot CD
  • Download OTLPEStd.exe by OldTimer from here (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out this page
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop

  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply

====================

After getting the OTL log, browse to your system disk, run mbrcheck.exe and post the resulting log back here.

====================

Hopefully these two logs show us something new!
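The point of the boot CD step above is that a rootkit can lie to any tool running inside the infected Windows, so the MD5 a scanner reported from inside (the TDSSKiller lines earlier in the thread) is worth comparing with the MD5 of the same file read from the disk while booted from other media. The script below is an added example, not part of the thread or of either tool; it parses TDSSKiller-format log lines, maps each Windows path onto a mounted offline copy of the system drive, hashes the file there and reports where the two views disagree. The log text, file bytes and mount directory are constructed in a temporary directory so it runs stand-alone.

```python
"""Cross-check scanner-reported (online) MD5s against MD5s computed from the
system drive mounted offline.  Added example, not part of the thread or of
TDSSKiller/OTLPE.  Log lines, file bytes and mount root are constructed."""
import hashlib
import ntpath
import os
import re
import tempfile

# TDSSKiller prints 'time pid name (md5) path' for every driver it hashed.
TDSS_LINE = re.compile(
    r"^\S+\s+\d+\s+\S+\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>[A-Za-z]:\\.+)$")


def parse_online_hashes(log_text):
    """Map Windows file path -> MD5 as seen by the scanner inside the OS."""
    return {m.group("path"): m.group("md5").lower()
            for m in (TDSS_LINE.match(l.strip()) for l in log_text.splitlines())
            if m}


def offline_path(win_path, mount_root):
    """Translate 'C:\\WINDOWS\\...' to its location under the offline mount."""
    _drive, rest = ntpath.splitdrive(win_path)
    return os.path.join(mount_root, *[p for p in rest.split("\\") if p])


def md5_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def cross_check(log_text, mount_root):
    """Return {windows_path: 'match' | 'mismatch' | 'missing-offline'}.
    'mismatch' means the running OS showed the scanner different bytes than
    sit on disk, which is what a file-hiding rootkit does and why hashing from
    a boot CD is worth the trouble."""
    verdicts = {}
    for win_path, online_md5 in parse_online_hashes(log_text).items():
        p = offline_path(win_path, mount_root)
        if not os.path.isfile(p):
            verdicts[win_path] = "missing-offline"
        else:
            verdicts[win_path] = "match" if md5_file(p) == online_md5 else "mismatch"
    return verdicts


def demo():
    """Constructed scenario: atapi.sys agrees, ndis.sys does not, and
    iastor.sys was reported online but is not on the disk at all."""
    root = tempfile.mkdtemp()
    drv = os.path.join(root, "WINDOWS", "system32", "DRIVERS")
    os.makedirs(drv)
    atapi = b"constructed atapi.sys bytes"
    with open(os.path.join(drv, "atapi.sys"), "wb") as f:
        f.write(atapi)
    with open(os.path.join(drv, "ndis.sys"), "wb") as f:
        f.write(b"ndis.sys bytes actually on disk")
    log = (
        f"11:26:00.0001 3840 atapi ({hashlib.md5(atapi).hexdigest()}) "
        "C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys\n"
        "11:26:00.0002 3840 atapi - ok\n"
        f"11:26:00.0003 3840 NDIS ({hashlib.md5(b'ndis.sys bytes the OS showed').hexdigest()}) "
        "C:\\WINDOWS\\system32\\DRIVERS\\ndis.sys\n"
        f"11:26:00.0004 3840 iaStor ({hashlib.md5(b'iastor').hexdigest()}) "
        "C:\\WINDOWS\\system32\\DRIVERS\\iastor.sys\n"
    )
    return cross_check(log, root)


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:<16} {path}")
```

Two caveats for a real drive: the log paths mix `DRIVERS` and `drivers`, which NTFS treats as the same name but a Linux mount does not, so normalise case or mount case-insensitively first; and MD5 is used here only because it is what the scanners print, which is fine for spotting "different bytes" but not something to rely on against an attacker who can choose both files.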



Re: Redirect virus

Ok, I had to force close by shutting down computer with power button. When it rebooted, I noticed that it changed the svchost.exe file I renamed back to Combofix.exe. I tried to d/l combofix from the other site listed and when I tried to run, it said there was an update and if I wanted to update. I clicked on No and am now d/l MBRcheck.

Re: Redirect virus

I do not see on the screen which button is the "setup key", so I don't know if it's the Del key or F2. I tried pressing the Del key and it asks which operating system to start:

Microsoft Windows Recovery Console
do not select this [debugger enabled]
Microsoft Windows XP Professional

For troubleshooting and advanced start up options for Windows, press F8 and when I pressed F8 it gave me the following options:

Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt.

Enable Boot Logging
Enable VGA Mode
Last Known............
Directory Service....
Debugging Mode
Disable automatic restart on system failure

Start Windows normally
Reboot
Return to OS choices

Re: Redirect virus

Um, never mind, I had a brain freeze. On my computer it's the Esc/F1 key. It's booting from the CD now. It's starting the Reatogo-X-PE now.

Re: Redirect virus

OK, got OTLPE to run. Under the "Drivers" section, it only gives the option to click on "none", "Use SafeList" and "all". Use the safe list one?

Re: Redirect virus

OTL logfile created on: 11/7/2011 12:35:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 60.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specterproperties.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151706553260 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 18:39:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/04 18:39:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

Re: Redirect virus
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

Kernel Drivers (total 76):
0x80400000 \i386\system32\ntoskrnl.exe
0x80615000 \i386\system32\halacpi.dll
0xF8D95000 \i386\system32\KDCOM.DLL
0xF8CA5000 \i386\system32\BOOTVID.dll
0xF87FA000 setupdd.sys
0xF8E5D000 \i386\system32\drivers\SPDDLANG.SYS
0xF87E9000 pci.sys
0xF87BB000 acpi.sys
0xF8D97000 \i386\system32\drivers\WMILIB.SYS
0xF8895000 isapnp.sys
0xF8E5E000 \i386\system32\drivers\OPRGHDLR.SYS
0xF879D000 pcmcia.sys
0xF8E5F000 pciide.sys
0xF8B15000 \i386\system32\drivers\PCIIDEX.SYS
0xF88C5000 mountmgr.sys
0xF877E000 ftdisk.sys
0xF8B25000 partmgr.sys
0xF8DA1000 dmload.sys
0xF8758000 dmio.sys
0xF88F5000 \i386\system32\drivers\CLASSPNP.SYS
0xF8B35000 usbehci.sys
0xF86FE000 \i386\system32\drivers\USBPORT.SYS
0xF8B45000 usbuhci.sys
0xF8915000 usbhub.sys
0xF8DA5000 \i386\system32\drivers\USBD.SYS
0xF8B55000 \i386\system32\drivers\HIDPARSE.SYS
0xF8935000 serial.sys
0xF8CB1000 serenum.sys
0xF8945000 i8042prt.sys
0xF8B65000 kbdclass.sys
0xF8B6D000 mouclass.sys
0xF86E6000 SCSIPORT.SYS
0xF86CE000 atapi.sys
0xF8CD5000 VMSCSI.SY_
0xF8BCD000 VIAPDSK.SY_
0xF85A1000 viamraid.SY_
0xF853A000 SISRAID4.SY_
0xF8BD5000 SISRAID2.SY_
0xF755A000 dmboot.sys
0xF8619000 cdrom.sys
0xF8609000 disk.sys
0xF7543000 ksecdd.sys
0xF7520000 fastfat.sys
0xF7493000 ntfs.sys
0xF85F9000 cdfs.sys
0xF7466000 ndis.sys
0xF744B000 mup.sys
0xF8EED000 \SystemRoot\System32\drivers\audstub.sys
0xF8DAF000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF8C4D000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8DB3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7290000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8D81000 \SystemRoot\system32\drivers\ramdriv.sys
0xF8BDD000 \SystemRoot\System32\drivers\vga.sys
0xBAFEC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBAFBB000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF8D8D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF8F02000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B75000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8B85000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAFA8000 \SystemRoot\System32\drivers\ipsec.sys
0xF8DB7000 \SystemRoot\System32\Drivers\Beep.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8B9D000 \SystemRoot\System32\watchdog.sys
0xF7353000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF8F40000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF8AB5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAADC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAA45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9ED000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA9CB000 \SystemRoot\system32\drivers\afd.sys
0xBA9A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0x7C900000 \I386\SYSTEM32\NTDLL.DLL

Processes (total 15):
0 System Idle Process
4 System
208 X:\I386\SYSTEM32\CSRSS.EXE
268 X:\I386\SYSTEM32\SERVICES.EXE
280 X:\I386\SYSTEM32\LSASS.EXE
396 X:\I386\SYSTEM32\REATOGOLOGON.EXE
400 X:\I386\SYSTEM32\SVCHOST.EXE
480 X:\I386\SYSTEM32\SVCHOST.EXE
1496 X:\I386\SYSTEM32\SVCHOST.EXE
1668 X:\I386\SYSTEM32\SVCHOST.EXE
1804 X:\PROGRAMS\wbload\wbload.exe
1932 X:\I386\SYSTEM32\SVCHOST.EXE
1984 X:\I386\EXPLORER.EXE
764 X:\I386\EXPLORER.EXE
888 C:\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4025GAS, Rev: KA101A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Re: Redirect virus
FYI - I could not get on the internet with Reatogo-X-PE so I had to copy the files onto a flash drive and post them from my work computer. Can I reboot and go back to booting from my C: drive or should I stay on Reatogo?

Re: Redirect virus
Stay in REATOGO; moving stuff around with a flash drive is a very good idea.

I think I have found some bad files - let's get rid of them and see if things work out better for you after that.

====================

Please run OTLPE again

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\WINDOWS\tasks\IWUM.job
C:\WINDOWS\tasks\MOBCCAFLUV.job
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
C:\WINDOWS\System32\TZLogq.dll
C:\WINDOWS\Wzehigihagonaman.dat
C:\WINDOWS\System32\msxmlp.dll
C:\WINDOWS\Blibirikijirazoh.bin

:otl
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found

:commands
[reboot]

  • Then click the Run Fix button at the top (Not the Run Scan!).
  • The computer will reboot - do so normally (take out the boot CD).
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Redirects are gone after this !?!?!?
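As an added example (not code from this thread or from OTL's author), the Python script below parses the OTL entry lines shown in these logs and flags the kinds of entries the fix above targeted: hidden/system .job tasks with random all-caps names and GUID-named folders under All Users\Application Data. It also walks the custom-scan MD5 blocks and reports any system32 copy whose hash differs from the ServicePackFiles copy; the EXAMPLE.SYS block and its hashes in the sample input are constructed placeholders.

```python
"""OTL log triage (added example; not from this thread or OldTimer's OTL).

Parses the ``[date | size | attrs | C/M] (company) [MD5=...] -- path`` entry
format seen in the logs above and applies two defender-side checks: LOP-style
heuristics for the items the fix in this thread removed, and MD5 agreement
between the system32 copy and the ServicePackFiles copy of a system file.
"""
import re
from typing import Dict, List, Optional, Tuple

ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?"      # absent on folder lines, "()" if unknown
    r"(?:MD5=(?P<md5>[0-9A-F]{32}) )?"   # only present in custom MD5 scans
    r"-- (?P<path>.+)$"
)
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# Case-sensitive on purpose: OGALogon.job (mixed case) must not match.
RANDOM_TASK = re.compile(r"^[A-Z]{4,}\.job$")
GUID_DIR = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one OTL entry line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    e: Dict[str, object] = m.groupdict()
    e["size"] = int(str(e["size"]).replace(",", ""))
    e["company"] = e["company"] or ""
    return e


def flag_entry(e: Dict[str, object]) -> List[str]:
    """Reasons an entry resembles the items removed by the fix in this thread."""
    path, attrs = str(e["path"]), str(e["attrs"])
    name = path.rsplit("\\", 1)[-1]
    lower = path.lower()
    reasons = []
    if ("\\windows\\tasks\\" in lower and RANDOM_TASK.match(name)
            and "H" in attrs and "S" in attrs):
        reasons.append("hidden/system scheduled task with random all-caps name")
    if ("D" in attrs and "\\all users\\application data\\" in lower
            and GUID_DIR.search(path)):
        reasons.append("GUID-named folder under All Users\\Application Data")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """(path, reason) pairs for every flagged entry in the log."""
    out: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e:
            out.extend((str(e["path"]), r) for r in flag_entry(e))
    return out


def md5_mismatches(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(file, live_md5, reference_md5) where the system32 copy differs from
    the ServicePackFiles copy inside the same '< MD5 for: X >' block."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in lines:
        h = MD5_HEADER.match(line.strip())
        if h:
            current = h.group("name")
            blocks[current] = {}
            continue
        e = parse_entry(line)
        if current is None or not e or not e["md5"]:
            continue
        lower = str(e["path"]).lower()
        if "\\servicepackfiles\\" in lower:
            blocks[current]["ref"] = str(e["md5"])
        elif "\\system32\\" in lower and "\\reinstallbackups\\" not in lower:
            blocks[current]["live"] = str(e["md5"])
    return [(n, b["live"], b["ref"]) for n, b in blocks.items()
            if "live" in b and "ref" in b and b["live"] != b["ref"]]


# Sample input: LOP and MD5 lines copied from the log above, plus one constructed
# "EXAMPLE.SYS" block whose hashes are placeholders chosen to disagree.
SAMPLE_LOG = [
    r"[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG",
    r"[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}",
    r"[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}",
    r"[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job",
    r"[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job",
    r"[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job",
    "< MD5 for: ATAPI.SYS >",
    r"[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys",
    r"[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys",
    "< MD5 for: EXAMPLE.SYS >",
    r"[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=" + "A" * 32 + r" -- C:\WINDOWS\ServicePackFiles\i386\example.sys",
    r"[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=" + "B" * 32 + r" -- C:\WINDOWS\system32\drivers\example.sys",
]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), *md5_mismatches(SAMPLE_LOG), sep="\n")
```

Entries whose company field contains nested parentheses are skipped by the parser rather than mis-read, so a real log may need the regex widened before every line is covered.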

Re: Redirect virus
You are AWESOME!!!!!! Seems to be fixed now!!! Thank you so much!

Re: Redirect virus
OTL logfile created on: 11/8/2011 9:19:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 254.09 Mb Total Space | 251.56 Mb Free Space | 99.00% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specterproperties.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151706553260 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< :files >

< C:\WINDOWS\tasks\IWUM.job >
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job

< C:\WINDOWS\tasks\MOBCCAFLUV.job >
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job

< C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} >

< C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >

< C:\WINDOWS\System32\TZLogq.dll >
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

< C:\WINDOWS\Wzehigihagonaman.dat >
[2011/09/13 17:27:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< C:\WINDOWS\System32\msxmlp.dll >
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

< C:\WINDOWS\Blibirikijirazoh.bin >
[2011/09/13 17:27:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


< :otl >

~[Filtered]~


< :commands >

< [reboot] >
< End of report >

Re: Redirect virus
The last log puzzles me.

It was made by incorrectly following my instructions.

You have to paste the fix script (the green text in the code box of my previous post) in the "Custom fixes" field of OTLPE and click RUN FIX - not RUN SCAN.

The log you just posted is what happens if you err and click the Run Scan button - it still shows the bad files.

Re: Redirect virus
Oh wait... check this one out... I removed the disk too soon and the computer got hung up (oops, sorry), so I ran it again. Is this the log you were looking for? I do have a log that popped up on reboot. I'll post that at the end of this post.

OTL logfile created on: 11/8/2011 9:38:25 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 301.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specterproperties.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151706553260 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 09:25:14 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< :files >

< C:\WINDOWS\tasks\IWUM.job >

< C:\WINDOWS\tasks\MOBCCAFLUV.job >

< C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} >

< C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >

< C:\WINDOWS\System32\TZLogq.dll >

< C:\WINDOWS\Wzehigihagonaman.dat >

< C:\WINDOWS\System32\msxmlp.dll >

< C:\WINDOWS\Blibirikijirazoh.bin >


< :otl >

~[Filtered]~


< :commands >

< [reboot] >
< End of report >


Here's the log that came up on reboot
========== FILES ==========
File\Folder C:\WINDOWS\tasks\IWUM.job not found.
File\Folder C:\WINDOWS\tasks\MOBCCAFLUV.job not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} not found.
File\Folder C:\WINDOWS\System32\TZLogq.dll not found.
File\Folder C:\WINDOWS\Wzehigihagonaman.dat not found.
File\Folder C:\WINDOWS\System32\msxmlp.dll not found.
File\Folder C:\WINDOWS\Blibirikijirazoh.bin not found.
========== OTL ==========
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk scheduled to be moved on reboot.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 11082011_094205

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk not found!

Registry entries deleted on Reboot...
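The two logs above share a small, regular grammar: OTL lists each file or folder as `[date time | size | attributes | C/M] (company) -- path`, and the fix log reports each targeted path as either `not found` or `scheduled to be moved on reboot`. The helper below is an added example written for this thread, not OTL's own code, and it parses both forms so a reviewer can confirm which of the items listed under `:files` were actually present before the fix ran. The sample lines are constructed for the example (the `example_unattributed.dll` path is a placeholder, not a file from the log); the `needs_review` heuristic only flags executables under the Windows directory that OTL could not attribute to a company, which is a triage signal for a hash or signature check, not a malware verdict.

```python
"""Parse OTL file entries and OTL fix results (added example, not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file/folder entry:
#   [date time | size | attributes | C or M] (company) -- path
# Folder entries in the LOP check carry no "(company)" group, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# The two outcome lines that appear in the fix log on this page.
NOT_FOUND_RE = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")
DEFERRED_RE = re.compile(
    r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$"
)

EXEC_EXTS = {".exe", ".dll", ".sys", ".com", ".scr"}


@dataclass
class Entry:
    when: str
    size: int
    attrs: str
    kind: str              # "C" = created, "M" = modified (the column OTL sorted on)
    company: Optional[str] # None when OTL printed empty parentheses or no group
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Turn OTL listing lines into Entry records; non-matching lines are skipped."""
    out: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        out.append(Entry(
            when=m.group("when"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=company if company else None,
            path=m.group("path"),
        ))
    return out


def needs_review(e: Entry) -> bool:
    """Heuristic only: an executable or driver under C:\\WINDOWS with no company
    attribution is worth a second look (hash lookup, signature check). Legitimate
    OEM and DRM files show up the same way, so this is a triage flag, not a verdict."""
    path = e.path.lower()
    ext = ntpath.splitext(path)[1]           # ntpath handles backslashes on any host
    return path.startswith("c:\\windows\\") and ext in EXEC_EXTS and e.company is None


def parse_fix_results(text: str) -> Dict[str, str]:
    """Map each path named in an OTL fix log to its outcome."""
    results: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        m = NOT_FOUND_RE.match(line)
        if m:
            results[m.group("path")] = "not_found"
            continue
        m = DEFERRED_RE.match(line)
        if m:
            results[m.group("path")] = "moved_on_reboot"
    return results


# Constructed sample input: two lines taken from the log above, one placeholder
# path (example_unattributed.dll) and one folder entry in LOP-check form.
SAMPLE_ENTRIES = """\
[2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
[2011/10/30 02:14:07 | 000,061,440 | ---- | C] () -- C:\\WINDOWS\\System32\\example_unattributed.dll
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\\WINDOWS\\bootstat.dat
[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\Administrator\\Application Data\\AVG
"""

# Constructed from the fix-log lines posted above.
SAMPLE_FIX_LOG = """\
========== FILES ==========
File\\Folder C:\\WINDOWS\\tasks\\IWUM.job not found.
File\\Folder C:\\WINDOWS\\System32\\TZLogq.dll not found.
========== OTL ==========
File move failed. C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\RAMASST.lnk scheduled to be moved on reboot.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_ENTRIES):
        flag = "REVIEW" if needs_review(entry) else "ok"
        print(f"{flag:6} {entry.kind} {entry.when} {entry.size:>9} {entry.company or '-'} {entry.path}")
    for path, outcome in parse_fix_results(SAMPLE_FIX_LOG).items():
        print(f"{outcome:15} {path}")
```

Running it over the full log rather than the sample is a matter of reading the pasted text from a file and passing it to `parse_entries`; the `not_found` outcomes in the fix log are the useful check here, since they show the fix script targeted paths that were no longer on disk.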

Re: Redirect virus
Ok - that log is clean. Your redirect problems are over now?

Re: Redirect virus
So far so good!!! I've run searches on both Firefox and Internet Explorer. The same ones I ran before and then some new ones. All seems to be going well.............................

Re: Redirect virus
*FISTPUMP*

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 29

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 29).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, under Temporary Internet Files, click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have an old version installed of Adobe Reader. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10. The latest and safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.


====================

I see that you have P2P software installed on your machine (uTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself a victim of cybercriminals using P2P for spreading of their malware. I would strongly recommend that you uninstall all P2P software, however that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

Time to uninstall used tools.

  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?

Re: Redirect virus
The uTorrent was installed by my son on an external hard drive and is not actually located on the computer itself. I tried to delete it using the Add/Remove programs but it says it's on Drive E: which is a USB port. Is there a way to remove it from the Program List?

Re: Redirect virus
Oh and YES, most definitely, I'd like your ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)!!

Re: Redirect virus

All right! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Web of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and other vital data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

Re: Redirect virus
Awesome, thank you so much!!!
