WiredWX Christian Hobby Weather Tools

rundll32 error / virus ?

After reading some of the other posts with similar issues, I have the following logs. OTL:
OTL logfile created on: 5/5/2012 5:09:05 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 52.37 Mb Available Physical Memory | 10.27% Memory free
1.22 Gb Paging File | 0.54 Gb Available in Paging File | 44.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 42.65 Gb Free Space | 57.28% Space Free | Partition Type: NTFS

Computer Name: CHILDREN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/05 17:07:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/05/05 17:02:35 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller\TDSSKiller.exe
PRC - [2012/05/03 22:23:03 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 22:22:45 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/02 10:31:20 | 001,810,072 | ---- | M] (We-Care.com) -- C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
PRC - [2012/01/27 13:59:12 | 047,658,848 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files\FixCleaner\FixCleaner.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:00:00 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/03 22:23:08 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/03 22:23:03 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/05/03 22:22:45 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/04/14 17:49:33 | 000,038,400 | ---- | M] () -- C:\WINDOWS\system32\usbniw32.dll
MOD - [2005/03/21 14:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\ses_cl.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\GEMWEP.DLL
MOD - [2001/04/16 16:39:02 | 000,037,808 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe WMP54GSv1_1.exe -- (WMP54GSSVC)
SRV - File not found [On_Demand | Stopped] -- %systemroot%\system32\ehrecvr.dll -- (vsapint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pmshellsrv.dll -- (sscdbhk5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mksvirmonsvc.dll -- (raidmagt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupclientsvc.dll -- (qkbfiltr)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/05 10:04:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 22:23:03 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (bnevoerj)
DRV - [2012/05/05 00:35:10 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143069F4-480A-4186-9894-DEE64D167228}\MpKsla06f34f6.sys -- (MpKsla06f34f6)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/18 13:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 13:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 13:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/04/07 15:33:08 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/04/07 15:33:08 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/03/24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {7C739552-1A17-4EA6-8039-87BAECC5FC28}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{7C739552-1A17-4EA6-8039-87BAECC5FC28}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB3us&ptb=C319305C-B7B2-4259-8AB0-B96BD0AFBBFF&psa=&ind=2011071119&ptnrS=YJyyyyyyB3us&si=&st=sb&n=77de828f&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3E10DC53-6E0D-415E-A586-D7D9C315D8C2}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120313,18760,0,8,0
IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z170&form=ZGAIDF&install_date=20110902&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{7C739552-1A17-4EA6-8039-87BAECC5FC28}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS453
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3091B081-7AD2-485D-8372-2D174EE4E938}&mid=650a8ae48b9547d09365d15a669dff50-bb8e173a110fb6e990b0a6efb7e4327fa9ad2a70&lang=en&ds=ts025&pr=sa&d=2012-05-03 22:23:15&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB3us&ptb=C319305C-B7B2-4259-8AB0-B96BD0AFBBFF&psa=&ind=2011071119&ptnrS=YJyyyyyyB3us&si=&st=sb&n=77de828f&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/05/03 22:24:08 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.guffins.com/one-toolbaredits/menusearch.jhtml?s=100000442&p=YJyyyyyyB3us&si=&a=C319305C-B7B2-4259-8AB0-B96BD0AFBBFF&n=2011071119 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276788178718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310097564343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CCD2A2-5FB9-4CD9-80C6-908A9DD1A53B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O20 - Winlogon\Notify\usbniw32: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/17 08:30:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8ad64fdc-9d0b-11df-ae81-0013207916a3}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{98ea0576-204f-11e0-aeaa-0013207916a3}\Shell - "" = AutoRun
O33 - MountPoints2\{98ea0576-204f-11e0-aeaa-0013207916a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ea0576-204f-11e0-aeaa-0013207916a3}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{98ea0579-204f-11e0-aeaa-0013207916a3}\Shell - "" = AutoRun
O33 - MountPoints2\{98ea0579-204f-11e0-aeaa-0013207916a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98ea0579-204f-11e0-aeaa-0013207916a3}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: qkbfiltr - %systemroot%\system32\backupclientsvc.dll File not found
NetSvcs: raidmagt - %systemroot%\system32\mksvirmonsvc.dll File not found
NetSvcs: vsapint - %systemroot%\system32\ehrecvr.dll File not found
NetSvcs: sscdbhk5 - %systemroot%\system32\pmshellsrv.dll File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Updater Service for StartNow Toolbar"
MsConfig - Services: "GuffinsService"
MsConfig - Services: "gusvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: DATAMNGR - hkey= - key= - File not found
MsConfig - StartUpReg: FixCleaner - hkey= - key= - C:\Program Files\FixCleaner\FixCleaner.exe (Slimware Utilities, Inc.)
MsConfig - StartUpReg: frostwire pro - hkey= - key= - File not found
MsConfig - StartUpReg: Guffins Browser Plugin Loader - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: StartNowToolbarHelper - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: vProt - hkey= - key= - C:\Program Files\AVG Secure Search\vprot.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 17:07:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/05/05 17:06:17 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\96157151.sys
[2012/05/05 17:04:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/05 17:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2012/05/04 22:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/05/04 22:42:30 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2012/05/04 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/05/04 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/05/04 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2012/05/04 22:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/05/04 22:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/05/04 22:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/05/04 22:38:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/05/04 22:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/03 22:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\SecurityScans
[2012/05/03 22:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2012/05/03 22:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
[2012/05/03 22:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2012/05/03 22:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/03 22:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/03 22:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/03 22:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FixCleaner
[2012/05/03 22:16:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/03 22:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FixCleaner
[2012/05/03 22:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2012/05/03 22:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/05/03 20:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/05/03 20:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/05/03 20:41:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/05/03 19:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/05/03 19:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2012/05/03 19:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2012/05/03 19:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.frostwire5
[2012/05/03 19:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\FrostWire 5
[2012/05/03 19:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2012/05/03 19:47:06 | 010,399,760 | ---- | C] (FrostWire Team) -- C:\Documents and Settings\Owner\Desktop\frostwire-5.3.5.windows.exe
[2012/05/02 00:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFReader
[2012/05/01 21:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MusicOasis
[2012/05/01 21:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/05/01 21:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/05/01 21:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2012/04/19 19:17:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/14 17:53:45 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/12 08:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/10 21:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/10 21:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/10 19:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2012/04/06 18:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 17:15:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/05 17:14:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 17:07:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/05/05 17:06:18 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\96157151.sys
[2012/05/05 17:06:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/05/05 17:03:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/05 17:02:02 | 002,055,783 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/05/05 15:19:20 | 000,002,600 | ---- | M] () -- C:\WINDOWS\xp_exe_fix.reg
[2012/05/05 13:12:29 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2012/05/05 12:00:02 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/05 10:04:04 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 10:04:04 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/05 00:31:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/05 00:31:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/05 00:29:15 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/04 22:49:08 | 000,099,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/04 22:44:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/04 21:16:17 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/05/04 20:48:19 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/05/04 18:46:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/03 22:45:38 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2012/05/03 22:16:21 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2012/05/03 19:49:07 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.5.lnk
[2012/05/03 19:49:07 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 5.3.5.lnk
[2012/05/03 19:47:52 | 010,399,760 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Owner\Desktop\frostwire-5.3.5.windows.exe
[2012/05/01 20:47:09 | 004,455,476 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Take care rhianna & drake.mp3
[2012/04/26 14:01:36 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/18 17:53:58 | 000,105,324 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/04/18 17:53:58 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/14 18:42:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/14 17:57:02 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/14 17:53:27 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/14 17:49:33 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\usbniw32.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 17:01:21 | 002,055,783 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/05/04 21:25:13 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/05/03 22:45:38 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2012/05/03 22:45:37 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2012/05/03 22:16:59 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2012/05/03 22:16:21 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2012/05/03 19:50:34 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/03 19:49:07 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.5.lnk
[2012/05/03 19:49:06 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 5.3.5.lnk
[2012/05/01 22:46:51 | 000,063,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/01 20:48:31 | 004,455,476 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Take care rhianna & drake.mp3
[2012/04/26 14:01:31 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/18 17:53:58 | 000,105,324 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/04/14 17:53:46 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/14 17:53:27 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/14 17:53:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/14 17:49:33 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/10 21:21:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/10 19:55:52 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/24 10:40:05 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\jgldog11.dll
[2012/02/16 02:44:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/03 19:53:31 | 000,013,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/30 21:01:48 | 000,161,744 | ---- | C] () -- C:\Program Files\u4res.dll
[2011/10/15 16:14:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/21 09:13:26 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/11 21:55:07 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 21:10:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/04/23 21:10:50 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/04/23 21:10:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/04/23 21:10:41 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/04/23 20:15:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2011/01/15 22:55:16 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/07/31 21:52:32 | 000,001,044 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/07/31 21:24:53 | 000,000,565 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/07/11 10:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Edmark.ini
[2010/07/11 10:56:00 | 000,000,519 | ---- | C] () -- C:\WINDOWS\pipeline.ini
[2010/07/10 17:50:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/06/17 08:32:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/17 08:27:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/17 04:19:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/17 04:18:47 | 000,099,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/17 08:29:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/05/29 00:36:04 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2011/07/11 19:44:19 | 000,161,744 | ---- | M] () -- C:\Program Files\u4res.dll

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/06/17 08:30:33 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/17 08:37:02 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/06/17 08:37:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/05/03 19:47:52 | 010,399,760 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Owner\Desktop\frostwire-5.3.5.windows.exe
[2012/05/05 17:07:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/06/17 08:37:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/06/17 04:17:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/06/17 04:17:59 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/06/17 04:17:59 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys
[2008/04/14 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys
[2008/04/14 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2009/12/18 13:13:04 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCASp50.sys
[2009/12/18 13:13:04 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCASp50a64.sys
[2008/04/14 08:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2010/06/17 08:30:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/05/05 17:06:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/17 08:30:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/04/18 20:24:21 | 000,004,217 | ---- | M] () -- C:\err.log
[2010/06/17 08:30:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/17 08:30:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/05/05 00:31:21 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2012/05/05 17:05:16 | 000,157,484 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_05.05.2012_17.02.47_log.txt
[2012/05/05 17:06:22 | 000,003,264 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_05.05.2012_17.06.17_log.txt
[2011/07/11 21:34:52 | 000,000,000 | ---- | M] () -- C:\testwma.raw
[2012/03/28 18:20:51 | 000,000,050 | ---- | M] () -- C:\user.js

< %PROGRAMFILES%\*. >
[2012/05/01 21:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/17 12:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/06/17 10:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/07/08 15:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/05/03 19:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2012/05/03 22:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVG Secure Search
[2011/07/08 15:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/05/04 22:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/17 08:27:44 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/17 11:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/07/22 20:54:48 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2010/06/17 11:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2011/08/05 11:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2012/03/30 21:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\Driver-Soft
[2011/10/13 18:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2011/05/29 16:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2012/05/03 22:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\FixCleaner
[2012/05/02 00:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\FoxTabPDFReader
[2012/05/03 19:49:07 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire 5
[2012/01/31 15:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/01/30 21:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Guffins
[2011/07/11 19:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\GuffinsEI
[2012/03/24 09:58:40 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/17 08:47:41 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/05/04 22:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/07/08 15:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/08 15:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/01/31 19:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/29 22:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/04/23 21:10:53 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
[2010/06/17 11:56:09 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/05/04 22:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/05/03 22:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2010/06/17 08:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/04/26 14:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2012/02/16 15:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/05/04 22:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/07/07 22:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2011/05/28 23:02:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/17 12:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/01/30 21:02:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/06/17 08:27:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/14 16:12:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/06/17 08:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/01/14 22:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2010/06/17 08:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/05/28 23:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/05/29 22:13:22 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2011/07/08 15:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/17 12:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/07/12 17:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Online Entertainment
[2011/08/21 09:16:43 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company
[2010/06/17 08:36:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/09/01 21:17:00 | 000,000,000 | ---D | M] -- C:\Program Files\vGrabber
[2011/04/23 20:15:11 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2011/05/29 00:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2012/05/04 22:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/05/04 22:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/06/17 11:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/07/10 15:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/06/17 08:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/17 08:29:06 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/06/17 08:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2012/03/30 21:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2010/06/17 04:19:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini

< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\USBSTOR.SYS

Re: rundll32 error / virus ?

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-26 18:01:48



< >

< >

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB13477$] -> Error: Cannot create file handle -> Unknown point type

Re: rundll32 error / virus ?

OTL Extras logfile created on: 5/5/2012 5:09:05 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 52.37 Mb Available Physical Memory | 10.27% Memory free
1.22 Gb Paging File | 0.54 Gb Available in Paging File | 44.29% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 42.65 Gb Free Space | 57.28% Space Free | Partition Type: NTFS

Computer Name: CHILDREN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\InvokeSvc2.exe" = C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor -- ()
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe" = C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Disabled:Need For Speed III for Win32
"C:\Program Files\Modem Helper\MDM_Util.exe" = C:\Program Files\Modem Helper\MDM_Util.exe:*:Enabled:Modem Helper -- ()
"C:\Program Files\Electronic Arts\Need For Speed III\3dSetup\3dsetup.exe" = C:\Program Files\Electronic Arts\Need For Speed III\3dSetup\3dsetup.exe:*:Enabled:3D Device Setup
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Piolet\Piolet.exe" = C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2268B0-B60D-4678-BF33-E1CD21FCCF82}" = FixCleaner
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76F4DD9B-C246-4BE0-00B6-3DE9ABF72299}" = Need For Speed Hot Pursuit 2
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{94358C28-335B-4E43-BC4E-C59576BAB653}" = CWA Reminder by We-Care.com v4.0.16.3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG Secure Search" = AVG Security Toolbar
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FrostWire 5" = FrostWire 5.3.5
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"PROSet" = Intel(R) PRO Network Connections Drivers
"vGrabber" = vGrabber
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2012 12:07:43 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:07:43 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:07:43 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:16:10 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:18:20 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:18:20 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:18:21 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:18:21 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:18:21 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

Error - 5/5/2012 12:24:30 AM | Computer Name = CHILDREN | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is ?????????????????????????????????????????????????a?@?? , the
bogus index value is the first DWORD in Data section while the last valid index
values are the second and third DWORD in Data section.

[ System Events ]
Error - 5/4/2012 9:42:21 PM | Computer Name = CHILDREN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {601AC3DC-786A-4EB0-BF40-EE3521E70BFB}.
The
error: "%2" Happened while starting this command: rundll32.exe shell32.dll,SHCreateLocalServerRunDll
{601ac3dc-786a-4eb0-bf40-ee3521e70bfb} -Embedding

Error - 5/4/2012 10:50:50 PM | Computer Name = CHILDREN | Source = Service Control Manager | ID = 7023
Description = The Ndiscm service terminated with the following error: %%126

Error - 5/4/2012 10:50:50 PM | Computer Name = CHILDREN | Source = Service Control Manager | ID = 7023
Description = The WmHidLo service terminated with the following error: %%126

Error - 5/4/2012 10:50:50 PM | Computer Name = CHILDREN | Source = Service Control Manager | ID = 7023
Description = The Issuser service terminated with the following error: %%126

Error - 5/5/2012 12:32:56 AM | Computer Name = CHILDREN | Source = Service Control Manager | ID = 7023
Description = The Ndiscm service terminated with the following error: %%126

Error - 5/5/2012 12:32:56 AM | Computer Name = CHILDREN | Source = Service Control Manager | ID = 7023
Description = The WmHidLo service terminated with the following error: %%126

Error - 5/5/2012 12:32:56 AM | Computer Name = CHILDREN | Source = Service Control Manager | ID = 7023
Description = The Issuser service terminated with the following error: %%126

Error - 5/5/2012 12:33:28 AM | Computer Name = CHILDREN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 5/5/2012 12:33:28 AM | Computer Name = CHILDREN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 5/5/2012 12:33:28 AM | Computer Name = CHILDREN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >

Re: rundll32 error / virus ?
TDSSKILLER LOG

17:06:17.0171 1496 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:06:17.0515 1496 ============================================================
17:06:17.0515 1496 Current date / time: 2012/05/05 17:06:17.0515
17:06:17.0515 1496 SystemInfo:
17:06:17.0515 1496
17:06:17.0515 1496 OS Version: 5.1.2600 ServicePack: 3.0
17:06:17.0515 1496 Product type: Workstation
17:06:17.0515 1496 ComputerName: CHILDREN
17:06:17.0515 1496 UserName: Owner
17:06:17.0515 1496 Windows directory: C:\WINDOWS
17:06:17.0515 1496 System windows directory: C:\WINDOWS
17:06:17.0515 1496 Processor architecture: Intel x86
17:06:17.0515 1496 Number of processors: 1
17:06:17.0515 1496 Page size: 0x1000
17:06:17.0515 1496 Boot type: Normal boot
17:06:17.0515 1496 ============================================================
17:06:20.0828 1496 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:20.0828 1496 ============================================================
17:06:20.0828 1496 \Device\Harddisk0\DR0:
17:06:20.0828 1496 MBR partitions:
17:06:20.0828 1496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
17:06:20.0828 1496 ============================================================
17:06:20.0875 1496 C: <-> \Device\Harddisk0\DR0\Partition0
17:06:20.0875 1496 ============================================================
17:06:20.0875 1496 Initialize success
17:06:20.0875 1496 ============================================================

Re: rundll32 error / virus ?
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*****************************************************************
P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
FrostWire 5
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
You should also uninstall BearShare. It is known to contain spyware.
***************************************************
I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

•AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
******************************************************
Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post in your next reply.
*********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: rundll32 error / virus ?
Thanks Dave
I was trying to remove the P2P sites and some other things from the computer and that's when I realized that I had a problem. I cannot access the add/remove programs or anything else in the control panel. It gives me a rundll32 error or it asks me which program to open with.
I can't download aswMBR.exe. I tried and it gave me an Internet Explorer error and timed out.
Had to go to my other computer to answer you because now the kids' computer won't connect to the internet.
I don't know what they have downloaded but I think I might be better off just smashin it with a hammer .......

Re: rundll32 error / virus ?
I don't know what they have downloaded but I think I might be better off just smashin it with a hammer .......

Sometimes I feel like that also.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 7 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator


You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr
* WiNlOgOn.exe
* uSeRiNiT.exe
* iExplore.exe
* eXplorer.exe
Once you've gotten one of them to run then try to immediately run MBAM.

If these programs won't download, please download them on a working computer and transfer them using one of the methods I described earlier.

Re: rundll32 error / virus ?
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: CHILDREN [administrator]

Protection: Enabled

5/5/2012 10:02:24 PM
mbam-log-2012-05-05 (22-02-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 301084
Time elapsed: 2 hour(s), 48 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vGrabber (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^n^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\bob marley\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Documents and Settings\bob marley\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 10
C:\Documents and Settings\bob marley\Local Settings\Temp\is1373634743\IWantThis_US.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\568627937.Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Warrior Cats\Local Settings\Temp\ICReinstall_PDFCreatorSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\u4res.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\vGrabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Program Files\FoxTabPDFReader\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1614895754-113007714-1417001333-1005\Dc2.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\u4res.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\bob marley\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)

Re: rundll32 error / virus ?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/05/2012 at 11:07 PM

Application Version : 5.0.1148

Core Rules Database Version : 8560
Trace Rules Database Version: 6372

Scan type : Quick Scan
Total Scan Time : 01:25:23

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 497
Memory threats detected : 1
Registry items scanned : 28785
Registry threats detected : 6
File items scanned : 24127
File threats detected : 469

Trojan.Agent/Gen
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\intelUsb3Sevices
C:\WINDOWS\SYSTEM32\USBNIW32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\usbniw32
C:\WINDOWS\SYSTEM32\USBNIW32.DLL

PUP.StartNow Toolbar
HKU\S-1-5-21-1614895754-113007714-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L2FYKZVH.txt [ Cookie:system@webstats.aetna.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\735DE7SH.txt [ Cookie:system@d.mediaforge.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YREIZ6JY.txt [ Cookie:system@burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\6D8E8ZK8.txt [ Cookie:system@www.shefinds.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\561BNGKZ.txt [ Cookie:system@c.gigcount.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\G9F3OXRV.txt [ Cookie:system@timmyporn.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2I8J32BF.txt [ Cookie:system@teengarage.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MB1IYXE2.txt [ Cookie:system@amazon-adsystem.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\PKE5J4GM.txt [ Cookie:system@www.adserving.pixfuture.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NK4YXIV8.txt [ Cookie:system@cleangreenfind.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\BNM3G5SF.txt [ Cookie:system@lfstmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8HV2G7Z4.txt [ Cookie:system@ads.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2WFZHOS6.txt [ Cookie:system@www.burstbeacon.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0766M5I9.txt [ Cookie:system@martiniadnetwork.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GB32L13P.txt [ Cookie:system@www.apartmentfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QXLRM8F7.txt [ Cookie:system@crackle.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\J8HCW1MB.txt [ Cookie:system@ads.saymedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0P23MUTY.txt [ Cookie:system@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\N7OJA7B9.txt [ Cookie:system@hhm.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SFW1FRMJ.txt [ Cookie:system@cn.clickable.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0PTNI6UD.txt [ Cookie:system@sadsearch.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\K6GAYQ14.txt [ Cookie:system@t.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L4XGUG2G.txt [ Cookie:system@openx.overadmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4P8MW2JT.txt [ Cookie:system@shefinds.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\IO2R1BDA.txt [ Cookie:system@entrepreneur.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\PIC41204.txt [ Cookie:system@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\B9516BAN.txt [ Cookie:system@tag.2bluemedia.hiro.tv/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4YWYQB0E.txt [ Cookie:system@mtvn.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8U6OMXN3.txt [ Cookie:system@dirtyxxxtube.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Y5RE5B8T.txt [ Cookie:system@madethecut.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\72T8T1DA.txt [ Cookie:system@server.cpmstar.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\HARGR4SF.txt [ Cookie:system@redorbit.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1IT239S8.txt [ Cookie:system@best-neighborhood-search.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\7PN88J06.txt [ Cookie:system@perfectsearchengines.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\N2RQZFJO.txt [ Cookie:system@xml.trafficengine.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WVH28RI7.txt [ Cookie:system@bullzeye.rotator.hadj1.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1WX3Y98R.txt [ Cookie:system@histats.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RQ9JQ391.txt [ Cookie:system@yadro.ru/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ULYQBK8D.txt [ Cookie:system@click.get-answers-fast.com/ads-clicktrack/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NZLB15VN.txt [ Cookie:system@google.com/policies/privacy/ads/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\CZNWIWNC.txt [ Cookie:system@pluckit.demandmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\U7VM4EWL.txt [ Cookie:system@ads.redorbit.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\CRSPT5P5.txt [ Cookie:system@eyeviewads.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\AHGZ0Y0U.txt [ Cookie:system@www.omgtracking.info/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1NH9A41U.txt [ Cookie:system@keepufind.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\BYGD7A21.txt [ Cookie:system@delivery.adserver.manutd.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\KR4OWXQJ.txt [ Cookie:system@drivingaroundthetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SJRT33KH.txt [ Cookie:system@histats.com/stats/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\M0MMP4NO.txt [ Cookie:system@static.getclicky.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\3BY4H1LQ.txt [ Cookie:system@micklemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ML4TWDI8.txt [ Cookie:system@mediaforge.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1EH24L1Q.txt [ Cookie:system@seek-home.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\9F03Q61X.txt [ Cookie:system@click.pmi5media.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WJ01M0ZM.txt [ Cookie:system@boom-find.com/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\QZ25USAB.txt [ Cookie:system@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XSNOGCJT.txt [ Cookie:system@webstats.aetna.com/dcs9a1185100004ztp0jf250k_5o4s ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TD422W05.txt [ Cookie:system@liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GOD7P6FX.txt [ Cookie:system@advertising.sheknows.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\4SYDL5GB.txt [ Cookie:system@azjmp.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\38VZIT19.txt [ Cookie:system@cdmedia.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1ECDAG54.txt [ Cookie:system@smartadserver.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\SJ35M7WF.txt [ Cookie:system@content.yieldmanager.com/ak/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\8YQZ6JH9.txt [ Cookie:system@click.search-fast-results.com/ads-clicktrack/click/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FWGM0C46.txt [ Cookie:system@tag.mediashakers.hiro.tv/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LQ27PS4L.txt [ Cookie:system@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\35K5WY68.txt [ Cookie:system@www.crackle.com/shows/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Q3TQWYNH.txt [ Cookie:system@totalbeauty.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LRPCXBFD.txt [ Cookie:system@citygridmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\07NXCCV4.txt [ Cookie:system@server.iad.liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2B3FPZZP.txt [ Cookie:system@traveladvertising.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RUBAG2HS.txt [ Cookie:system@clickcountr.com/ ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ZSRUSEWA.txt [ Cookie:system@youngbucks.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\8MV317GD.txt [ Cookie:owner@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\DUXXOCMG.txt [ Cookie:system@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\UA7SGL0D.txt [ Cookie:system@bestsitesearch.com/click/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\7U3LRA39.txt [ Cookie:system@greatestsearchresults.com/click/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\KCKTUFZE.txt [ Cookie:system@gotta-get.com/click/ ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\7XE1SUS2.txt [ Cookie:owner@www.google.com/accounts ]
C:\DOCUMENTS AND SETTINGS\OWNER\Cookies\WJ88H8XM.txt [ Cookie:system@www.ibario.com/tools/tracking/ ]

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\RMQOE13K\59b8caa9266b8_2174314[1].flv [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\3TWFI8HD\crossdomain[2].xml [ cache:wista ]
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\3NTDVQZL\ee9cee4163ed3_2174492[1].flv [ cache:wista ]

Re: rundll32 error / virus ?

Good Morning, I think. I managed to run 2 of the scans and attached the logs above. When the system restarted it said it could not find rundll32 again and it asked me to verify valid Microsoft Security Essentials, it was already loaded and working fine.
Thank you for all your help I appreciate it very much.

Re: rundll32 error / virus ?

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
Download ComboFix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: rundll32 error / virus ?

SuperDave
You are the BEST
Thank You for all your help!!

Re: rundll32 error / virus ?

heather l white wrote:
SuperDave
You are the BEST
Thank You for all your help!!


We're not yet finished. Are you bailing on me?
