Solved Win XP Pro desktop running extemely slow last four days

Status
Not open for further replies.

ecobuilder

Posts: 69   +0
Everything is slow. Clicking start button takes two minutes to come up. Even changing tabs on Chrome or Firefox takes a minute or two. Same thing with launching a program.

Scanned with Avira, MBAM, SuperAntiSpyware, Spybot S&D, and cleaned registry with CCleaner. SuperAntiSpyware quarantined and deleted 1 Adware item. Nothing else detected with others.

Haven't restarted since Fri. June 17.

System:

OS: Win XP Pro
Pentium P4 3.0 GHz (2004)
4x1G Ram (approx. 3G recognized)
Asus P4C800 deluxe MB
ATI Radeon HD 3850 AGP
C: Seagate 160GB SATA
E: Maxtor 80GB PATA
K: Seagate 750GB SATA
Samsung DVD/CD Burner

Firefox browser used 99.9%

Will post logs as per 8 step post.
 
MBAM, GMER, DDS logs

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6888

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/06/2011 10:19:29 AM
mbam-log-2011-06-20 (10-19-28).txt

Scan type: Full scan (C:\|E:\|K:\|)
Objects scanned: 389155
Time elapsed: 28 hour(s), 38 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-20 15:29:53
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19 ST3160023AS rev.3.18
Running: ye716iok.exe; Driver: C:\DOCUME~1\MSPOLE~1\LOCALS~1\Temp\kxriapod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 MBR read error
Disk \Device\Harddisk1\DR1 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT spfb.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spfb.sys ZwEnumerateValueKey [0xF74F6030]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-24 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ash1rlqz \Device\Scsi\ash1rlqz1 8A6BF500
Device \Driver\ash1rlqz \Device\Scsi\ash1rlqz1Port5Path0Target0Lun0 8A6BF500
Device \Driver\FGXSCSI \Device\Scsi\FGXSCSI1Port6Path0Target0Lun0 8B1DF1F8
Device \Driver\UlSata \Device\Scsi\UlSata1 8B16D1F8
Device \Driver\FGXSCSI \Device\Scsi\FGXSCSI1 8B1DF1F8
Device \Driver\UlSata \Device\Scsi\UlSata1Port4Path0Target0Lun0 8B16D1F8
Device \FileSystem\Ntfs \Ntfs 8B16C1F8
Device \FileSystem\Fastfat \Fat 89BC6500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Run by M Spoletini at 14:31:02 on 2011-06-20
.
============== Running Processes ===============
.
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Wizard 2008\PC Wizard.exe
C:\Program Files\PC Wizard 2008\pcwizard.dll
C:\Documents and Settings\M Spoletini\My Documents\Downloads\ye716iok.exe
C:\Documents and Settings\M Spoletini\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sympatico.msn.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer Provided by SHAW Internet
mWindow Title = Internet Explorer Provided by SHAW Internet
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {741D5D7D-6447-495C-92A2-601235354A18} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {b5b740ea-16fd-4d40-abbe-4a1a46ebc852} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [SpybotDeletingB5495] command /c del "c:\windows\SchedLgU.Txt"
uRunOnce: [SpybotDeletingD3934] cmd /c del "c:\windows\SchedLgU.Txt"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [SpybotDeletingA5846] command /c del "c:\windows\SchedLgU.Txt"
mRunOnce: [SpybotDeletingC2252] cmd /c del "c:\windows\SchedLgU.Txt"
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
Trusted Zone: cochranelakes.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/da/PCPitStop.CAB
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://abmls.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {57D21206-8ECD-4558-B84D-E9306F157BE4} - hxxp://alta.registries.gov.ab.ca/SpinII/cabs/ATLMapLegend.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208987734500
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://abmls.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://abmls.mlxchange.com/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} - hxxp://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38016.6201967593
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
TCP: Interfaces\{16D4EDF1-757B-408D-A9F4-4EE8B71FE865} : NameServer = 64.59.135.143,64.59.135.145
TCP: Interfaces\{16D4EDF1-757B-408D-A9F4-4EE8B71FE865} : DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
TCP: Interfaces\{1AB7E51A-724C-434C-8AC0-71643E7D31F3} : DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
TCP: Interfaces\{3D46AAC8-6334-44C9-A15A-CCCBD596990D} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\mljjj
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\m spoletini\application data\mozilla\firefox\profiles\bsfrh8vj.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Documents and Settings/M Spoletini/My Documents/EIGHT-firefox start page/index.htm
FF - component: c:\documents and settings\m spoletini\application data\mozilla\firefox\profiles\bsfrh8vj.default\extensions\firefoxk2@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\m spoletini\application data\mozilla\firefox\profiles\bsfrh8vj.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\m spoletini\application data\mozilla\firefox\profiles\bsfrh8vj.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\m spoletini\application data\mozilla\firefox\profiles\bsfrh8vj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\m spoletini\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\m spoletini\application data\neulion\adaptiveplugin\npadaptiveplugin_1_6_5_7131.dll
FF - plugin: c:\documents and settings\m spoletini\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: external IP: externalip@erik.morlin - %profile%\extensions\externalip@erik.morlin
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: KidZui K2: firefoxK2@kidzui.com - %profile%\extensions\firefoxK2@kidzui.com
FF - Ext: FoxSaver: foxsaver@www.foxsaver.com - %profile%\extensions\foxsaver@www.foxsaver.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: Google Minimalist: {64312dc5-3fc3-40d1-b183-0e4060fc52ac} - %profile%\extensions\{64312dc5-3fc3-40d1-b183-0e4060fc52ac}
FF - Ext: History Submenus: {7102aba3-045c-4ec2-b921-46d87636d84b} - %profile%\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
FF - Ext: Firefox Showcase: {89506680-e3f4-484c-a2c0-ed711d481eda} - %profile%\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R? c2scsi;c2scsi
R? CachemanXPService;CachemanXP
R? ccEvtMgr;Symantec Event Manager
R? ccSetMgr;Symantec Settings Manager
R? cpuz134;cpuz134
R? EverestDriver;Lavalys EVEREST Kernel Driver
R? IDriveE Service;IDriveE Service
R? lxdiCATSCustConnectService;lxdiCATSCustConnectService
R? PCTFW-DNS;PCTools Firewall - DNS driver
R? pcwe;pcwe
R? RoxLiveShare10;LiveShare P2P Server 10
R? rt2870;Linksys 802.11n USB Wireless LAN Card Driver
R? SASENUM;SASENUM
R? SessionLauncher;SessionLauncher
R? StarWindServiceAE;StarWind AE Service
R? Symantec Core LC;Symantec Core LC
R? vaxscsi;vaxscsi
S? Akamai;Akamai NetSession Interface
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? cpuz129;cpuz129
S? FGXSCSI;FGXSCSI
S? GenPort;GenPort
S? GenPort2;GenPort2
S? lxdi_device;lxdi_device
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? NPF;NetGroup Packet Filter Driver
S? PCTAppEvent;PCTAppEvent Driver
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNDIS;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-06-20 17:50:07 388096 ----a-r- c:\documents and settings\m spoletini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-20 17:49:41 -------- d-----w- c:\program files\Grinder
2011-05-21 20:51:05 -------- d-----w- c:\documents and settings\m spoletini\application data\KidZui
2011-05-21 20:51:04 -------- d-----w- c:\program files\Kidzui
.
==================== Find3M ====================
.
2011-05-29 15:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 15:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 22:31:46 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-09 14:15:40 2131311 ----a-w- c:\documents and settings\all users\SPL1DF.tmp
2011-05-01 15:25:31 835802 ----a-w- c:\documents and settings\all users\SPL26.tmp
2011-04-16 03:54:29 783289 ----a-w- c:\documents and settings\all users\SPL5.tmp
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 14:43:56.93 ===============



.
==== Installed Programs ======================
.
Acrobat.com
Activation (Nero MediaHome 4)
Activation (Nero Move it)
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.0.1)
Adobe Shockwave Player
Advertising Center
Age of Mythology
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astroburn
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
µTorrent
Audacity 1.2.6
Auslogics Disk Defrag
Autodesk DWF Viewer
AutoDWG DWG2PDF Converter
AutoUpdate
AutoVue SolidModel Pro, Desktop Edition
Avery DesignPro
Avira AntiVir Personal - Free Antivirus
Bagpipe Player
BitPim 1.0.7.20090303
Blaze Media Pro
Blu-ray Disc Authoring Plug-in
BlueVoda Website Builder 9.3
Bonjour
Britannica Almanac 2005 CD
Business Plan Pro 11.0
CachemanXP 1.7.1.2
CAM UnZip 4.42
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
ccCommon
CCleaner
CDDRV_Installer
Chief Architect Full Version
ConvertXtoDVD 3.3.4.106e
Corel PHOTO-PAINT 11
Corel PHOTO-PAINT 11 SA
Coupon Printer for Windows
dBpowerAMP
dBpowerAMP CD Writer
dBpoweramp Music Converter
Defraggler (remove only)
DFX for Windows Media Player
DirectXInstallService
DivX Player
DIY Deck Designer 6.5.4 - The Home Depot
DolbyFiles
DriverGuide Toolkit
DTS Plug-in
DVD Flick
DVD Shrink 3.2
DVD43 v4.6.0
DVDFab 6.2.1.8 (31/12/2009)
Dwg2Img
eDrawings 2006
EMC 10 Content
erLT
ESET Online Scanner
EVEREST Home Edition v2.20
Fit to List
FLAC Installer 1.1.2a (remove only)
Free DWG Viewer 5.3
Free RAR Extract Frog
Freephoneline
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Updater
Guitar Hero III
Gun Metal
Handbrake 0.9.4
HD Tach version 3
HEED
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HOT2000 v10.51 GEN
HOT3000 Release Candidate 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HouseCall 6.6
HP Install Network Printer Wizard
ICopyDVDs2 3.2.2
IDrive version 3.4.0 March 23, 2011
IKEA Home Planner
IKEA Home Planner Kitchen
IKEA Home Planner Office
ImagXpress
ImgBurn
InfraRecorder
iTunes
Java(TM) 6 Update 16
Karen's LAN Monitor
KhalInstallWrapper
Kidzui
Lexmark 3500-4500 Series
LG USB Drivers
LG USB Modem driver
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech SetPoint
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash Paper
Malwarebytes' Anti-Malware version 1.51.0.1200
MediaCoder 0.6.1
MediaInfo 0.7.7.7
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Converter Pack
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Journal Viewer
MKVtoolnix 2.4.0
Mozilla Firefox (3.6.17)
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MultiRes (remove only)
Nero ControlCenter
Nero Installer
neroxml
Network Stumbler 0.4.0 (remove only)
NeuLion Adaptive Plugin
NewsBin Pro
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
PaintCOST Estimator Trial
PC Tools Firewall Plus 6.0
PC Wizard 2008.1.871
PC Wizard 2010.1.96
PDFXSDKdrInst
PeerBlock 1.0+ (r484)
Peggle Deluxe
Picasa 3
Pivot Software
Print Server
QBFC3.0
QuickBooks Premier 2002: Accountant Edition
QuickBooks Premier 2004: Contractor Edition
Quicken 2006
QuickTax 2004
QuickTax 2005
QuickTax Tracker
QuickTime
RealArcade
RealPlayer
Recuva
Retirement Income Planner
RETScreen
RETScreen Version 4
RETScreen® International (GSHP3)
Rise of Nations Thrones and Patriots Trial Version
Roxio Activation Module
Seagate*DiscWizard
SeaTools for Windows
Security Task Manager 1.7e
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB950760)
Sentinel Protection Installer 7.0.0
ShowBiz
SiSoftware Sandra Lite 2009
Skins
SmartSound Quicktracks Plugin
SoftK56 Data Fax
Sony USB Driver
SoundMAX
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
Symantec
Symantec KB-DocID:2003093015493306
The Lord of the Rings FREE Trial
Therapy for Thera-Aid
Tux Paint 0.9.16
TVUPlayer 2.4.1.0
Tweak UI
UDA Construction Office 2004 PXT
UDA Construction Office 2004 Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB976662)
VLC media player 1.1.10
Warcraft III Demo
WeatherEye
WebFldrs XP
WillExpert
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinPcap 4.1.1
WinStars 2.0
WinZip 11.2
Wireshark 1.2.6
WSQ viewer
Xbox 360 Controller for Windows
xp-AntiSpy 3.97-10
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

and cleaned registry with CCleaner
You can only make things worse by doing so.

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
aswMBR log

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-20 22:03:57
-----------------------------
22:03:57.608 OS Version: Windows 5.1.2600 Service Pack 3
22:03:57.608 Number of processors: 2 586 0x303
22:03:57.608 ComputerName: MSPOLETINI UserName:
22:03:58.623 Initialize success
22:05:01.670 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:05:01.686 Disk 0 Vendor: MAXTOR_6L080L4 A93.0500 Size: 76345MB BusType: 3
22:05:01.686 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
22:05:01.686 Disk 1 Vendor: ST3160023AS 3.18 Size: 152627MB BusType: 3
22:05:01.686 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\UlSata1Port4Path0Target0Lun0
22:05:01.686 Disk 2 Vendor: ST375033 SD04 Size: 715404MB BusType: 1
22:05:01.686 Disk 1 MBR read error 0
22:05:01.686 Disk 1 MBR scan
22:05:01.701 Disk 1 unknown MBR code
22:05:01.701 MBR BIOS signature not found 0
22:05:01.701 Disk 1 scanning sectors +312576705
22:05:01.701 Disk 1 scanning C:\WINDOWS\system32\drivers
22:06:51.514 Service scanning
22:06:52.576 Disk 1 trace - called modules:
22:06:52.576 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spfb.sys hal.dll >>UNKNOWN [0x8b18f938]<<
22:06:52.576 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b0f5030]
22:06:52.576 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8b129b00]
22:06:52.576 Scan finished successfully
22:14:27.779 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\M Spoletini\Desktop\MBR.dat"
22:14:27.795 The log file has been saved successfully to "C:\Documents and Settings\M Spoletini\Desktop\aswMBR.txt"
 
Problem running RKUnhookerLE.exe

Thanks Broni for your time and advice. I'll take your recommendations seriously.

When I try to run RKUnhookerLE.exe, it scans and shows the screen with the
stealth tab, and then disappears. Tried it three times and same thing. It doesn't give me a chance to save the report.

Any suggestions?
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller log

2011/06/20 23:13:08.0748 0892 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/20 23:13:10.0779 0892 ================================================================================
2011/06/20 23:13:10.0779 0892 SystemInfo:
2011/06/20 23:13:10.0779 0892
2011/06/20 23:13:10.0779 0892 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/20 23:13:10.0779 0892 Product type: Workstation
2011/06/20 23:13:10.0779 0892 ComputerName: MSPOLETINI
2011/06/20 23:13:10.0779 0892 UserName: M Spoletini
2011/06/20 23:13:10.0779 0892 Windows directory: C:\WINDOWS
2011/06/20 23:13:10.0779 0892 System windows directory: C:\WINDOWS
2011/06/20 23:13:10.0779 0892 Processor architecture: Intel x86
2011/06/20 23:13:10.0779 0892 Number of processors: 2
2011/06/20 23:13:10.0779 0892 Page size: 0x1000
2011/06/20 23:13:10.0779 0892 Boot type: Normal boot
2011/06/20 23:13:10.0779 0892 ================================================================================
2011/06/20 23:14:02.0389 0892 Initialize success
2011/06/20 23:15:41.0717 2660 ================================================================================
2011/06/20 23:15:41.0717 2660 Scan started
2011/06/20 23:15:41.0717 2660 Mode: Manual;
2011/06/20 23:15:41.0717 2660 ================================================================================
2011/06/20 23:15:42.0108 2660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/20 23:15:42.0170 2660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/20 23:15:42.0248 2660 aeaudio (5ca3873be2477f5dc0035e9ff9c7be0f) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/20 23:15:42.0279 2660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/20 23:15:42.0342 2660 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/20 23:15:42.0389 2660 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/20 23:15:42.0592 2660 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/20 23:15:42.0733 2660 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/06/20 23:15:42.0779 2660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/20 23:15:42.0811 2660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/20 23:15:42.0889 2660 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
2011/06/20 23:15:43.0029 2660 ati2mtag (15b2fe76e2eceb98c49ed52311a6f26f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/20 23:15:43.0217 2660 ATIAVAIW (fed003fd00011946b0e4f8fb7a8b4307) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
2011/06/20 23:16:08.0295 2660 atinrvxx (74e104ada8a304774713e9a9a9cb3556) C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
2011/06/20 23:16:08.0342 2660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/20 23:16:08.0389 2660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/20 23:16:08.0498 2660 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/06/20 23:16:08.0529 2660 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/20 23:16:08.0608 2660 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/20 23:16:08.0654 2660 basic2 (ff42456d36bd355feb1734db374b4fe6) C:\WINDOWS\system32\DRIVERS\basic2.sys
2011/06/20 23:16:08.0717 2660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/20 23:16:08.0795 2660 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/06/20 23:16:08.0826 2660 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/06/20 23:16:08.0873 2660 BVRPMPR5 (892239517221696f62a31f8a895ffce8) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/06/20 23:16:08.0951 2660 c2scsi (9a410a90f06a2812a24a164d896ea755) C:\WINDOWS\system32\drivers\c2scsi.sys
2011/06/20 23:16:08.0998 2660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/20 23:16:09.0061 2660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/20 23:16:09.0123 2660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/20 23:16:09.0139 2660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/20 23:16:09.0201 2660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/20 23:16:09.0311 2660 Cnxtdiag (152df881731439107a889fbe1df5af6a) C:\WINDOWS\system32\DRIVERS\cnxtdiag.sys
2011/06/20 23:16:09.0451 2660 cpuz129 (c90f24dcd32ecbb6a5abfd9c22100675) C:\Program Files\PC Wizard 2008\pcwiz32.sys
2011/06/20 23:16:09.0545 2660 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
2011/06/20 23:16:09.0639 2660 DFUBTUSB (31273c758c6df7fc27b00be78c7220e9) C:\WINDOWS\system32\Drivers\frmupgr.sys
2011/06/20 23:16:09.0701 2660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/20 23:16:09.0795 2660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/20 23:16:09.0904 2660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/20 23:16:09.0936 2660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/20 23:16:09.0998 2660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/20 23:16:10.0092 2660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/20 23:16:10.0170 2660 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/06/20 23:16:35.0217 2660 EL2000 (c19b0367d5fc1f122e5267b6cea73451) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
2011/06/20 23:16:35.0264 2660 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/20 23:16:35.0389 2660 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
2011/06/20 23:16:35.0451 2660 Fallback (534a34da6f580acb415c8656809609d2) C:\WINDOWS\system32\DRIVERS\fallback.sys
2011/06/20 23:16:35.0498 2660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/20 23:16:35.0592 2660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/20 23:16:35.0639 2660 fgdxbus (aae9dcb30da4136fe3241b3088a46009) C:\WINDOWS\system32\DRIVERS\fgdxbus.sys
2011/06/20 23:16:35.0686 2660 FGXSCSI (d821735ef92f1091c942c894303b8d1e) C:\WINDOWS\system32\DRIVERS\fgxscsi.sys
2011/06/20 23:16:35.0764 2660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/20 23:16:35.0795 2660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/20 23:16:35.0842 2660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/20 23:16:35.0904 2660 Fsks (4dbcb330f568764201d13345554839fb) C:\WINDOWS\system32\DRIVERS\fsksnt.sys
2011/06/20 23:16:35.0936 2660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/20 23:16:35.0967 2660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/20 23:16:36.0014 2660 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/06/20 23:16:36.0076 2660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/20 23:16:36.0108 2660 GenPort (6d36c4d933d3ec4dda83ad5f51b1a247) C:\WINDOWS\system32\drivers\GenPort.sys
2011/06/20 23:16:36.0139 2660 GenPort2 (23d9e0278e458b4c5a84f86f901a6a56) C:\WINDOWS\system32\drivers\GenPort2.sys
2011/06/20 23:16:36.0201 2660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/20 23:16:36.0295 2660 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys
2011/06/20 23:16:36.0358 2660 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2011/06/20 23:16:36.0436 2660 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2011/06/20 23:16:36.0498 2660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/20 23:16:36.0623 2660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/20 23:16:36.0717 2660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/20 23:16:36.0811 2660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/20 23:16:36.0936 2660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/20 23:16:36.0967 2660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/20 23:16:36.0998 2660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/20 23:16:37.0045 2660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/20 23:16:37.0076 2660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/20 23:16:37.0108 2660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/20 23:16:37.0139 2660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/20 23:17:02.0186 2660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/20 23:17:02.0248 2660 K56 (c7f71a04abc290a62fdc527b772630f4) C:\WINDOWS\system32\DRIVERS\k56nt.sys
2011/06/20 23:17:02.0311 2660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/20 23:17:02.0373 2660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/20 23:17:02.0436 2660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/20 23:17:02.0498 2660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/20 23:17:02.0545 2660 L8042Kbd (ac728768de636093b4d5ae6361cfadae) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/06/20 23:17:02.0608 2660 L8042mou (02d869562e114db8867271992408bb2d) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/06/20 23:17:02.0717 2660 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/06/20 23:17:02.0764 2660 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/06/20 23:17:02.0811 2660 LMouKE (b286865ac2747ee3b5ea78b5231f8c57) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/06/20 23:17:02.0858 2660 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/20 23:17:02.0951 2660 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
2011/06/20 23:17:03.0014 2660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/20 23:17:03.0061 2660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/20 23:17:03.0123 2660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/20 23:17:03.0154 2660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/20 23:17:03.0170 2660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/20 23:17:03.0201 2660 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/06/20 23:17:03.0264 2660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/20 23:17:03.0326 2660 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/20 23:17:03.0373 2660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/20 23:17:03.0420 2660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/20 23:17:03.0436 2660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/20 23:17:03.0467 2660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/20 23:17:03.0529 2660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/20 23:17:03.0561 2660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/20 23:17:03.0592 2660 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/20 23:17:03.0654 2660 MVDCODEC (514829ed3e7f140aac16154106d04981) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
2011/06/20 23:17:03.0701 2660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/20 23:17:03.0764 2660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/20 23:17:03.0795 2660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/20 23:17:03.0826 2660 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/20 23:17:03.0858 2660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/20 23:17:03.0873 2660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/20 23:17:03.0936 2660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/20 23:17:03.0967 2660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/20 23:17:04.0029 2660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/20 23:17:04.0076 2660 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/20 23:17:04.0154 2660 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/06/20 23:17:29.0186 2660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/20 23:17:29.0248 2660 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/06/20 23:17:29.0295 2660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/20 23:17:29.0342 2660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/20 23:17:29.0467 2660 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/20 23:17:29.0576 2660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/20 23:17:29.0608 2660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/20 23:17:29.0670 2660 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/20 23:17:29.0733 2660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/20 23:17:29.0748 2660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/20 23:17:29.0811 2660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/20 23:17:29.0842 2660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/20 23:17:29.0904 2660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/20 23:17:29.0936 2660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/20 23:17:29.0998 2660 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/06/20 23:17:30.0061 2660 PCTAppEvent (cc174f32cc9c18ea3109c4b0fc2ca8df) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/06/20 23:17:30.0108 2660 PCTFW-DNS (0afd401e45033c6264080989647989d2) C:\WINDOWS\system32\drivers\pctNdis-DNS.sys
2011/06/20 23:17:30.0170 2660 PCTFW-PacketFilter (4a7ef973fcd9c6cad6040ebb61262a5c) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/06/20 23:17:30.0201 2660 pctgntdi (39e8623f9f29dbc9e053a696d85f8ac6) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/06/20 23:17:30.0264 2660 pctNDIS (8bbe917bc4da64b0ba8db33d4c0e0b7d) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/20 23:17:30.0295 2660 pctplfw (6d74df36716a458619a62dd764fc4f8b) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/06/20 23:17:30.0529 2660 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/20 23:17:30.0592 2660 pivot (1e91fcdca39953a2a293402fe9fc3deb) C:\WINDOWS\system32\drivers\pivot.sys
2011/06/20 23:17:30.0623 2660 pivotmou (70e581fa39534f25d6b7d4873c3a6589) C:\WINDOWS\system32\drivers\pivotmou.sys
2011/06/20 23:17:30.0686 2660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/20 23:17:30.0717 2660 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/20 23:17:30.0748 2660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/20 23:17:30.0779 2660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/20 23:17:30.0858 2660 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/20 23:17:30.0998 2660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/20 23:17:31.0045 2660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/20 23:17:31.0076 2660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/20 23:17:31.0108 2660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/20 23:17:31.0154 2660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/20 23:17:56.0186 2660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/20 23:17:56.0217 2660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/20 23:17:56.0264 2660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/20 23:17:56.0311 2660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/20 23:17:56.0373 2660 Rksample (f0fc7f88f15cff627fc084e69b81e619) C:\WINDOWS\system32\DRIVERS\rksample.sys
2011/06/20 23:17:56.0467 2660 rt2870 (421768b2d9974bb739a99ec6d0af4354) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/06/20 23:17:56.0639 2660 SANDRA (a9fdd67fd92006b3ee89449ffaa0cd53) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys
2011/06/20 23:17:56.0701 2660 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/20 23:17:56.0733 2660 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/06/20 23:17:56.0779 2660 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/06/20 23:17:56.0920 2660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/20 23:17:56.0983 2660 Sentinel (d23fc3f409fdbb2a5c230abc137c4b45) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2011/06/20 23:17:57.0045 2660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/20 23:17:57.0076 2660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/20 23:17:57.0123 2660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/20 23:17:57.0186 2660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/20 23:17:57.0264 2660 smwdm (d95c55be20d8a0b5b4dd9cf008c2305e) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/20 23:17:57.0342 2660 snapman (b6aa9bbff890ffea333ffe81d0b888ff) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/06/20 23:17:57.0389 2660 SoftFax (360873ba3166120c0a650fe68f08ebd3) C:\WINDOWS\system32\DRIVERS\faxnt.sys
2011/06/20 23:17:57.0483 2660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/20 23:17:57.0561 2660 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/20 23:17:57.0561 2660 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/20 23:17:57.0576 2660 sptd - detected LockedFile.Multi.Generic (1)
2011/06/20 23:17:57.0592 2660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/20 23:17:57.0654 2660 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/20 23:17:57.0733 2660 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/20 23:17:57.0779 2660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/20 23:17:57.0811 2660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/20 23:17:57.0858 2660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/20 23:17:57.0983 2660 SymEvent (403bd24fa5c55fc648abdd039629a954) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/06/20 23:17:58.0045 2660 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/06/20 23:17:58.0123 2660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/20 23:17:58.0217 2660 Tcpip (a29e1209f925a0e9b330e11da5fc7bab) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/20 23:18:23.0279 2660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/20 23:18:23.0311 2660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/20 23:18:23.0373 2660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/20 23:18:23.0436 2660 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/06/20 23:18:23.0498 2660 timounter (68b3daa08ea06737022832fccffb9b75) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/06/20 23:18:23.0561 2660 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/06/20 23:18:23.0608 2660 Tones (947dcc17facabd494987a06b67ff7d16) C:\WINDOWS\system32\DRIVERS\tonesnt.sys
2011/06/20 23:18:23.0686 2660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/20 23:18:23.0748 2660 UlSata (b37c465ec8029d732cd572b347dacc2e) C:\WINDOWS\system32\DRIVERS\ulsata.sys
2011/06/20 23:18:23.0826 2660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/20 23:18:23.0904 2660 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/06/20 23:18:23.0967 2660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/20 23:18:23.0998 2660 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/06/20 23:18:24.0061 2660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/20 23:18:24.0123 2660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/20 23:18:24.0170 2660 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/06/20 23:18:24.0186 2660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/20 23:18:24.0248 2660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/20 23:18:24.0311 2660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/20 23:18:24.0373 2660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/20 23:18:24.0404 2660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/20 23:18:24.0467 2660 V124 (88955c454ef486cc4229d116ecc9b712) C:\WINDOWS\system32\DRIVERS\v124nt.sys
2011/06/20 23:18:24.0545 2660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/20 23:18:24.0608 2660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 23:18:24.0654 2660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/20 23:18:24.0748 2660 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/20 23:18:24.0826 2660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/20 23:18:24.0904 2660 winachsf (dbb5ed727013e0cb183047688c8d22a0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/20 23:18:24.0998 2660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/20 23:18:25.0061 2660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/20 23:18:25.0108 2660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/20 23:18:25.0201 2660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/20 23:18:25.0342 2660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/20 23:18:25.0545 2660 ================================================================================
2011/06/20 23:18:25.0545 2660 Scan finished
2011/06/20 23:18:25.0545 2660 ================================================================================
2011/06/20 23:18:25.0561 1140 Detected object count: 1
2011/06/20 23:18:25.0561 1140 Actual detected object count: 1
2011/06/20 23:19:38.0576 1140 LockedFile.Multi.Generic(sptd) - User select action: Skip
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
New aswMBR log

RootkitUnhooker disappears shortly after I hit scan.

Should I run Combofix?

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-21 16:08:19
-----------------------------
16:08:19.154 OS Version: Windows 5.1.2600 Service Pack 3
16:08:19.154 Number of processors: 2 586 0x303
16:08:19.154 ComputerName: MSPOLETINI UserName:
16:08:20.014 Initialize success
16:08:27.201 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
16:08:27.201 Disk 0 Vendor: MAXTOR_6L080L4 A93.0500 Size: 76345MB BusType: 3
16:08:27.201 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
16:08:27.201 Disk 1 Vendor: ST3160023AS 3.18 Size: 152627MB BusType: 3
16:08:27.201 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\UlSata1Port4Path0Target0Lun0
16:08:27.217 Disk 2 Vendor: ST375033 SD04 Size: 715404MB BusType: 1
16:08:27.217 Disk 1 MBR read error 0
16:08:27.217 Disk 1 MBR scan
16:08:27.217 Disk 1 unknown MBR code
16:08:27.217 MBR BIOS signature not found 0
16:08:27.233 Disk 1 scanning sectors +312576705
16:08:27.233 Disk 1 scanning C:\WINDOWS\system32\drivers
16:08:39.654 Service scanning
16:08:40.795 Disk 1 trace - called modules:
16:08:40.795 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89243008]<<
16:08:40.795 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b0f5030]
16:08:40.795 Scan finished successfully
16:09:13.358 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\M Spoletini\Desktop\MBR.dat"
16:09:13.373 The log file has been saved successfully to "C:\Documents and Settings\M Spoletini\Desktop\aswMBR2.txt"
 
Combofix log

ComboFix 11-06-21.06 - M Spoletini 22/06/2011 1:25.2.2 - x86 NETWORK
Running from: c:\documents and settings\M Spoletini\Desktop\CarmineFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\M Spoletini\Application Data\inst.exe
c:\documents and settings\M Spoletini\WINDOWS
c:\documents and settings\M Spoletini\wrar371.exe
c:\willexpert\WillExpert.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\is-QD9V8.exe
c:\windows\system32\Config.ini
c:\windows\system32\skinboxer43.dll
c:\windows\system32\thqasidw.ini
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-21 19:14 . 2011-06-21 19:14 470754 ----a-w- c:\documents and settings\All Users\SPL211.tmp
2011-06-21 01:13 . 2011-06-21 01:13 -------- d-----w- c:\program files\Common Files\Java
2011-06-20 22:43 . 2011-05-04 10:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-20 22:43 . 2011-05-04 10:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-20 17:50 . 2011-06-20 17:50 388096 ----a-r- c:\documents and settings\M Spoletini\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-20 17:49 . 2011-06-20 17:49 -------- d-----w- c:\program files\Grinder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 15:11 . 2008-11-21 10:20 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 15:11 . 2008-05-19 03:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 22:31 . 2011-05-13 22:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-09 14:15 . 2011-05-09 14:15 2131311 ----a-w- c:\documents and settings\All Users\SPL1DF.tmp
2011-05-04 08:25 . 2007-04-18 02:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-01 15:25 . 2011-05-01 15:25 835802 ----a-w- c:\documents and settings\All Users\SPL26.tmp
2011-04-16 03:54 . 2011-04-16 03:54 783289 ----a-w- c:\documents and settings\All Users\SPL5.tmp
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2007-08-13 03:31 . 2006-08-06 05:20 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-20 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2008-10-20 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-20 3168216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"PtiuPbmd"="ptipbm.dll" [2003-01-16 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-01-19 67264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-1 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-18 14:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^M Spoletini^Start Menu^Programs^Startup^dBpowerAMP.lnk]
backup=c:\windows\pss\dBpowerAMP.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^M Spoletini^Start Menu^Programs^Startup^IDrive Tray.lnk]
path=c:\documents and settings\M Spoletini\Start Menu\Programs\Startup\IDrive Tray.lnk
backup=c:\windows\pss\IDrive Tray.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^M Spoletini^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-08-08 23:51 148760 ----a-w- c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-08-09 00:00 1945424 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2007-12-19 20:13 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2007-08-08 23:47 1169456 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 02:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameDrive]
2006-07-22 06:46 167936 ----a-w- c:\program files\FarStone\GameDrive\GDP\gdtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-13 06:24 133104 ----atw- c:\documents and settings\M Spoletini\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDriveE Startup]
2011-02-24 00:07 188416 ----a-w- c:\program files\IDrive\IDrvieEStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 22:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2007-10-29 22:43 662016 ----a-w- c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-03-29 22:37 1271032 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-04-10 08:37 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SessionLauncher"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=3 (0x3)
"NBService"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c985c4f995331e"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"CachemanXPService"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Documents and Settings\\M Spoletini\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\M Spoletini\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"6885:TCP"= 6885:TCP:Utorrent
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [21/08/2009 3:03 PM 71680]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/12/2007 12:09 AM 717296]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24/09/2009 1:46 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 10:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29/08/2002 6:00 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/09/2009 10:28 AM 136360]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [21/08/2006 3:41 PM 6112]
R2 GenPort2;GenPort2;c:\windows\system32\drivers\genport2.sys [21/08/2006 3:41 PM 6112]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [26/03/2011 3:17 PM 147456]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/05/2008 8:59 PM 366640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 12:19 PM 50704]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/09/2009 1:46 PM 88040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/05/2008 9:44 PM 22712]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [24/09/2009 1:46 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [24/09/2009 1:46 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24/09/2009 1:45 PM 115216]
S1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [25/01/2008 12:44 AM 244736]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [22/04/2010 6:50 AM 99248]
S3 BlackBox;BlackBox SR2; [x]
S3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [15/01/2009 10:33 PM 9600]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [28/03/2011 8:11 PM 20328]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 1:00 AM 7168]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [24/09/2009 1:46 PM 32680]
S3 pcwe;pcwe;\??\c:\program files\PC Wizard 2006\pcw86-32.sys --> c:\program files\PC Wizard 2006\pcw86-32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 AM 12872]
S3 vaxscsi;vaxscsi; [x]
S4 CachemanXPService;CachemanXP;c:\progra~1\CachemanXP\CachemanXP.exe [12/10/2008 1:06 AM 243200]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S4 SessionLauncher;SessionLauncher; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 09:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Internet Explorer Provided by SHAW Internet
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: cochranelakes.com\www
TCP: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
TCP: Interfaces\{16D4EDF1-757B-408D-A9F4-4EE8B71FE865}: NameServer = 64.59.135.143,64.59.135.145
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://abmls.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {57D21206-8ECD-4558-B84D-E9306F157BE4} - hxxp://alta.registries.gov.ab.ca/SpinII/cabs/ATLMapLegend.CAB
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://abmls.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://abmls.mlxchange.com/Control/IRCSharc.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Documents and Settings/M Spoletini/My Documents/EIGHT-firefox start page/index.htm
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{741D5D7D-6447-495C-92A2-601235354A18} - (no file)
BHO-{b5b740ea-16fd-4d40-abbe-4a1a46ebc852} - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
MSConfigStartUp-zBrowser Launcher - c:\program files\Logitech\iTouch\iTouch.exe
AddRemove-UDA Construction Office 2004 PXT - c:\progra~1\UDAOFF~2\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 23:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\IDrive\IDriveEView.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdicoms.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\program files\IDrive\IDrivePlugin.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-06-21 23:49:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-22 05:49
.
Pre-Run: 32,524,484,608 bytes free
Post-Run: 32,341,487,616 bytes free
.
- - End Of File - - F5F4D6D7D7CE70CE539B86A5ACD5A029
 
RKill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/06/2011 at 1:20:35.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 22/06/2011 at 1:20:39.
 
Status

I ended up running combofix in safemode. It would BSOD when trying to run normally.

Computer seems more normal as of now.

I'll wait to hear back from you before proceeding further with anything else.

I've so far re-enabled the firewall, AV, MBAM, spybot, and superantispyware.
 
RKUnHookerLE.exe scan

Was able to do a scan with just the 'drivers' box checked. Log is below. When attempted to do a scan with 'stealth code' checked, it reported an error and shut down.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9F96000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5455872 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1AD000 C:\WINDOWS\System32\ati3duag.dll 4120576 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF59B000 C:\WINDOWS\System32\ativvaxx.dll 2498560 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF74D6000 PCI_PNP2988 1048576 bytes
0xF74D6000 sphv.sys 1048576 bytes
0xF74D6000 sptd 1048576 bytes
0xAAAFA000 C:\WINDOWS\system32\drivers\hardlock.sys 679936 bytes (Aladdin Knowledge Systems, Hardlock Device Driver for Windows NT)
0xBF063000 C:\WINDOWS\System32\ati2cqag.dll 577536 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBA68A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9D1D000 C:\WINDOWS\system32\drivers\smwdm.sys 557056 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB9E02000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 552960 bytes (Conexant Systems, WinACHSF driver)
0xAD639000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xAA7B7000 C:\WINDOWS\System32\DRIVERS\v124nt.sys 495616 bytes (Conexant Systems, V124NT driver)
0xBF0F0000 C:\WINDOWS\System32\atikvmag.dll 471040 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAD72A000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9C7C000 C:\WINDOWS\System32\Drivers\aisqar0r.SYS 413696 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBA5FC000 timntr.sys 397312 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xAA9AE000 C:\WINDOWS\System32\DRIVERS\k56nt.sys 393216 bytes (Conexant, K56NT driver)
0xB9AAE000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAD8B6000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 331776 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF163000 C:\WINDOWS\System32\atiok3x2.dll 303104 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAABBC000 C:\WINDOWS\System32\DRIVERS\fallback.sys 290816 bytes (Conexant, Fallback driver)
0xAA201000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAD859000 C:\WINDOWS\system32\drivers\pctgntdi.sys 225280 bytes (PC Tools, PC Tools Generic TDI Driver)
0xAA941000 C:\WINDOWS\System32\DRIVERS\faxnt.sys 200704 bytes (Conexant, FaxNT driver)
0xB9B0C000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7490000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA65D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9878000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAD79A000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAD809000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9DDC000 C:\WINDOWS\System32\DRIVERS\AmosNt.SYS 155648 bytes (Conexant Systems, AmosNT driver)
0xAD704000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF7832000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAD890000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9F3A000 C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys 147456 bytes (3Com Corporation, 3Com 3C2000 NDIS 5.1 Miniport Driver)
0xAAAD6000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9CF9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9F5E000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9DA5000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAD7E7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAD7C5000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xAA920000 C:\WINDOWS\system32\drivers\tmcomm.sys 135168 bytes (Trend Micro Inc., TrendMicro Common Module)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA7E0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7858000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAABA0000 C:\WINDOWS\System32\DRIVERS\fsksnt.sys 114688 bytes (Conexant, FSKsNT driver)
0xBA5E0000 snapman.sys 114688 bytes (Acronis, Acronis Snapshot API)
0xAA53A000 C:\WINDOWS\system32\drivers\pctplfw.sys 110592 bytes (PC Tools, PC Tools FW Plugin Driver)
0xBA5C6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9CE1000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF796F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF74BE000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xBA717000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9C65000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAB2D3000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xAAF6C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9DC8000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xAA99A000 C:\WINDOWS\system32\drivers\PCTAppEvent.sys 81920 bytes (PC Tools, PC Tools App Monitor Driver)
0xAAE3E000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 81920 bytes (Rainbow Technologies, Inc., Sentinel System Driver (NT Parallel driver))
0xB9F82000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAD90F000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7A3C000 ulsata.sys 77824 bytes (Promise Technology, Inc., Promise Ultra/Sata Series Driver for WinXP)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF795D000 fgxscsi.sys 73728 bytes (FarStone Inc., FarStone SCSI Miniport)
0xBA7CE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F29000 C:\WINDOWS\System32\DRIVERS\basic2.sys 69632 bytes (Conexant Systems, NTRksample driver)
0xF747F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9C2C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9C1C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF743F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76E7000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF75F7000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xAAC2B000 C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys 65536 bytes (PC Tools, PC Tools NDIS - Packet Filter)
0xF745F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB9EE9000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7677000 Combo-Fix.sys 61440 bytes
0xF741F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xAD9B2000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xF742F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF746F000 C:\WINDOWS\System32\DRIVERS\rksample.sys 61440 bytes (Conexant Systems, Rksample WDM driver)
0xAB069000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA74E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7607000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xAD9C2000 C:\WINDOWS\System32\DRIVERS\tonesnt.sys 57344 bytes (Conexant, TonesNT driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA78E000 C:\WINDOWS\system32\DRIVERS\pctNdis.sys 53248 bytes (PC Tools, PC Tools NDIS Driver)
0xF740F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9E89000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAAFE1000 C:\WINDOWS\system32\drivers\Haspnt.sys 49152 bytes (Aladdin Knowledge Systems, HASP Kernel Device Driver for Windows NT)
0xBA7AE000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7877000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7687000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xB9EB9000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF744F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7887000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\SOAR.SYS 45056 bytes (Conexant Systems, Soar driver)
0xF7617000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA77E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA79E000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA997E000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9E99000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA9EE6000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA7BE000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9ED9000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF76D7000 C:\WINDOWS\system32\drivers\pivot.sys 36864 bytes (Windows (R) 2000 DDK provider, Pivot Software Miniport Driver)
0xF7667000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB9EF9000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF777F000 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 32768 bytes (Avanquest Software, BVRP NDIS 5.0 MPR Protocol Driver)
0xF77C7000 C:\CarmineFix21791C\catchme.sys 32768 bytes
0xF77E7000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF780F000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF7787000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB9B7C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xAD932000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, Acronis True Image File System Filter)
0xB9B3C000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7767000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7797000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77BF000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77B7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB9B54000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB9B5C000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xAD942000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF775F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF771F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77A7000 C:\WINDOWS\System32\DRIVERS\dvd43llh.sys 20480 bytes (RIF, dvd43llh.sys)
0xF77F7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF776F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7777000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF778F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7757000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAD96A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9AA2000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xAD849000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xAB354000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA532000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB2B7000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA536000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xADA56000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAAE3A000 C:\WINDOWS\System32\DRIVERS\cnxtdiag.sys 12288 bytes (Conexant Systems, Diagnostic Interface DRIVER)
0xBA53A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA52A000 C:\WINDOWS\system32\DRIVERS\fgdxbus.sys 12288 bytes (FarStone Inc., FarStone Bus Enumerator)
0xADA4E000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAD841000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA4DA000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA526000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xB9C55000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79BF000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF79AB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79A1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79BB000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xF79B3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF799F000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A3000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AA3000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AB1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A6A000 C:\WINDOWS\System32\Drivers\GenPort.SYS 4096 bytes
0xF7A7A000 C:\WINDOWS\System32\Drivers\GenPort2.SYS 4096 bytes
0xF7AA8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8B1C91F8 unknown_irp_handler 3592 bytes
0x8B15C1F8 unknown_irp_handler 3592 bytes
0x8A1431F8 unknown_irp_handler 3592 bytes
0x8A6E21F8 unknown_irp_handler 3592 bytes
0x8B15B1F8 unknown_irp_handler 3592 bytes
0x8B1CC1F8 unknown_irp_handler 3592 bytes
0x8B1CA1F8 unknown_irp_handler 3592 bytes
0x8A1661F8 unknown_irp_handler 3592 bytes
0x8A6B41F8 unknown_irp_handler 3592 bytes
0x8A1441F8 unknown_irp_handler 3592 bytes
0x89C9B500 unknown_irp_handler 2816 bytes
0x8A709500 unknown_irp_handler 2816 bytes
0x8A6A8500 unknown_irp_handler 2816 bytes
0x8A167500 unknown_irp_handler 2816 bytes
 
All looks much better now :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt log PT 1

OTL logfile created on: 23/06/2011 1:49:02 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\M Spoletini\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.44 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 73.31% Memory free
7.28 Gb Paging File | 6.43 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 30.16 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive E: | 74.54 Gb Total Space | 32.33 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Drive K: | 698.64 Gb Total Space | 123.38 Gb Free Space | 17.66% Space Free | Partition Type: NTFS
Drive N: | 892.48 Mb Total Space | 195.16 Mb Free Space | 21.87% Space Free | Partition Type: FAT32

Computer Name: MSPOLETINI | User Name: M Spoletini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 13:48:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M Spoletini\My Documents\Downloads\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/08 12:11:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/25 17:34:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
PRC - [2011/03/16 11:46:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/10 17:22:22 | 000,147,456 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2010/12/16 16:56:16 | 000,263,624 | ---- | M] ( ) -- C:\Program Files\IDrive\IDrivePlugin.exe
PRC - [2010/08/02 17:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/20 01:23:29 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010/01/14 23:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/19 10:55:13 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/20 13:28:26 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 12:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 12:54:08 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 13:48:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\M Spoletini\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 13:25:46 | 000,017,424 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\IMHook.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (StarWindServiceAE)
SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
SRV - [2011/06/14 19:29:34 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/08 12:11:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 11:46:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/10 17:22:22 | 000,147,456 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2009/11/19 10:55:13 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/18 03:47:42 | 000,243,200 | ---- | M] (Outertech) [Disabled | Stopped] -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService)
SRV - [2007/08/08 17:51:48 | 000,410,904 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/04/17 21:42:09 | 001,174,152 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/16 16:00:42 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/01/19 12:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/19 12:29:52 | 000,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/16 11:46:38 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 18:10:48 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/06/17 16:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/25 23:47:43 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 20:53:04 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 20:53:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/20 01:23:40 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/20 01:23:40 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2010/01/20 01:23:39 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/20 01:23:39 | 000,032,680 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS)
DRV - [2010/01/20 01:23:38 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/20 01:23:38 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/10/20 12:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/06/17 10:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/04/28 19:02:02 | 000,719,616 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/02/10 18:25:02 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/12/01 16:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/29 13:35:18 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/05/26 22:23:49 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/14 19:24:32 | 000,171,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/22 23:02:08 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/03/22 23:02:08 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/03/22 23:01:56 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/01/25 13:23:48 | 000,009,600 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC Wizard 2008\pcwiz32.sys -- (cpuz129)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/09/21 03:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/09/21 03:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/09/21 03:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/04/17 21:40:41 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/21 19:56:06 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/10 06:00:00 | 000,244,736 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2007/01/03 17:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2006/08/05 06:20:36 | 000,071,680 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fgxscsi.sys -- (FGXSCSI)
DRV - [2006/07/12 06:17:06 | 000,011,520 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fgdxbus.sys -- (fgdxbus)
DRV - [2006/02/20 03:32:48 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/03/21 12:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/09/10 08:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/08/03 23:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2004/08/03 19:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 19:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/07/14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/03/23 20:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/07/02 16:56:32 | 000,015,401 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot)
DRV - [2003/07/02 16:56:32 | 000,009,260 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2003/06/12 21:04:10 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2003/04/17 03:15:22 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2003/03/21 12:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/19 20:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/07/30 10:34:28 | 000,585,840 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/07/16 11:17:30 | 000,076,610 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/16 11:16:58 | 000,539,917 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/07/15 18:05:54 | 000,067,222 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/03 17:42:30 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag)
DRV - [2001/06/24 17:16:36 | 000,427,215 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/06/24 17:16:08 | 000,124,189 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/06/24 17:15:20 | 000,215,195 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/06/24 17:14:18 | 000,059,375 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/06/24 17:13:56 | 000,308,403 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [1998/12/23 20:23:34 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport2.sys -- (GenPort2)
DRV - [1998/12/23 19:20:34 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport.sys -- (GenPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "file:///C:/Documents and Settings/M Spoletini/My Documents/EIGHT-firefox start page/index.htm"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: foxsaver@www.foxsaver.com:2.2.8
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {16cbd87c-eb99-4f5c-9825-83cf13ab7ff8}:1.5.6
FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.3
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.2.13
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: requestpolicy@requestpolicy.com:0.5.20
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.6.18
FF - prefs.js..extensions.enabledItems: {64312dc5-3fc3-40d1-b183-0e4060fc52ac}:0.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.3
FF - prefs.js..extensions.enabledItems: firefoxK2@kidzui.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.4
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.6
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/20 01:48:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 16:43:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 9\components [2011/05/13 16:31:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugins [2011/05/13 16:31:40 | 000,000,000 | ---D | M]

[2008/04/25 03:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Extensions
[2011/06/23 06:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions
[2011/06/18 20:20:59 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/05/05 23:29:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/05 23:29:55 | 000,000,000 | ---D | M] ("Malware Search") -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2010/10/14 11:39:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/05/03 22:10:02 | 000,000,000 | ---D | M] (Metal Lion - 300) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{4A207596-AED2-4223-929F-BBE1D691B7CD}
[2011/05/05 23:29:54 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/06/09 23:52:59 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/03/19 02:16:13 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/11/12 14:08:37 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/06/22 00:02:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/05 23:29:55 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2011/06/09 23:52:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/09 23:52:59 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/01/25 22:49:23 | 000,000,000 | ---D | M] (external IP) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\externalip@erik.morlin
[2011/02/11 17:26:33 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\fastdial@telega.phpnet.us
[2011/04/29 02:07:08 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\firefox@ghostery.com
[2009/11/10 22:46:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\firefox@tvunetworks.com
[2011/04/29 01:18:26 | 000,000,000 | ---D | M] (KidZui K2) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\firefoxK2@kidzui.com
[2011/06/09 23:52:57 | 000,000,000 | ---D | M] (FoxSaver) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\foxsaver@www.foxsaver.com
[2011/05/06 23:05:39 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/05/05 23:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\nostmp
[2011/03/24 16:46:27 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\personas@christopher.beard
[2011/06/22 00:02:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\piclens@cooliris.com
[2009/08/30 10:08:28 | 000,000,000 | ---D | M] (TimeTracker) -- C:\Documents and Settings\M Spoletini\Application Data\Mozilla\Firefox\Profiles\bsfrh8vj.default\extensions\timetrack@usablehack.com
[2011/06/20 16:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/20 16:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\M SPOLETINI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BSFRH8VJ.DEFAULT\EXTENSIONS\{64312DC5-3FC3-40D1-B183-0E4060FC52AC}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\M SPOLETINI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BSFRH8VJ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2009/09/24 10:34:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2004/11/12 21:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/10 02:40:59 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2004/11/17 19:21:26 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/06/21 23:37:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {741D5D7D-6447-495C-92A2-601235354A18} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b5b740ea-16fd-4d40-abbe-4a1a46ebc852} - No CLSID value found.
O3 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: cochranelakes.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: Interealty.com ([]* is out of zone range - 5)
O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: MLXchange.com ([]* is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} http://abmls.mlxchange.com/Control/MultiSelectComboBox.cab (Interealty MultiSelect)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {57D21206-8ECD-4558-B84D-E9306F157BE4} http://alta.registries.gov.ab.ca/SpinII/cabs/ATLMapLegend.CAB (MapLegend Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208987734500 (MUWebControl Class)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://abmls.mlxchange.com/Control/MLXClientUtils.cab (MLXchange Client Utils)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://abmls.mlxchange.com/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB (IndeXMap Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38016.6201967593 (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/27 11:07:05 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/03/21 13:46:32 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL.txt log PT 2

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 13:36:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/22 01:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/22 01:24:09 | 000,000,000 | ---D | C] -- C:\CarmineFix21791C
[2011/06/22 01:23:06 | 000,000,000 | ---D | C] -- C:\CarmineFix
[2011/06/22 01:16:26 | 004,133,689 | R--- | C] (Swearware) -- C:\Documents and Settings\M Spoletini\Desktop\CarmineFix.exe
[2011/06/21 16:39:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/21 16:36:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/21 16:36:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/21 16:36:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/21 16:36:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/21 16:36:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/21 16:36:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/20 19:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/20 19:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/20 11:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M Spoletini\Start Menu\Programs\HiJackThis
[2011/06/20 11:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Grinder
[2011/06/15 14:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\M Spoletini\My Documents\EIGHT-firefox start page
[2011/06/10 08:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2010/04/22 06:49:32 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2010/04/22 06:49:32 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2010/04/22 06:49:32 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2010/04/22 06:49:32 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2010/04/22 06:49:31 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2010/04/22 06:49:31 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2010/04/22 06:49:31 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2010/04/22 06:49:31 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2010/04/22 06:49:31 | 000,517,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
[2010/04/22 06:49:31 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiih.exe
[2010/04/22 06:49:31 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2010/04/22 06:49:31 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2010/04/22 06:49:30 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2010/04/22 06:49:30 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2010/04/22 06:49:30 | 000,340,912 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicfg.exe
[2009/03/06 23:26:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\M Spoletini\Application Data\pcouffin.sys
[7 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\M Spoletini\My Documents\*.tmp files -> C:\Documents and Settings\M Spoletini\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 13:01:40 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 12:59:41 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/23 12:58:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 12:58:28 | 000,000,456 | ---- | M] () -- C:\WINDOWS\System32\miniPortInfo.dat
[2011/06/22 12:49:00 | 000,006,743 | ---- | M] () -- C:\Documents and Settings\All Users\lxdi
[2011/06/22 12:46:58 | 000,096,805 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\quantumgp.jpg
[2011/06/22 01:23:37 | 004,133,689 | R--- | M] (Swearware) -- C:\Documents and Settings\M Spoletini\Desktop\CarmineFix.exe
[2011/06/22 01:13:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 23:41:26 | 000,447,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 23:41:25 | 000,073,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 23:37:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 16:39:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/21 16:09:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\MBR.dat
[2011/06/20 11:50:06 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\HiJackThis.lnk
[2011/06/20 01:41:09 | 000,002,451 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/16 01:42:24 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 01:24:51 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Application Data\vso_ts_preview.xml
[2011/06/10 10:30:46 | 000,151,065 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\Finishquantum.jpg
[2011/06/10 08:20:42 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\M Spoletini\My Documents\vlc-1.1.10-win32.exe
[2011/06/10 00:03:07 | 000,138,726 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\exoplanet.jpg
[2011/06/10 00:00:14 | 000,035,504 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\fish.jpg
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\M Spoletini\My Documents\*.tmp files -> C:\Documents and Settings\M Spoletini\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========

[2011/06/22 12:46:56 | 000,096,805 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Desktop\quantumgp.jpg
[2011/06/21 16:39:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/21 16:39:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/21 16:36:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 16:36:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 16:36:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 16:36:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 16:36:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/20 22:14:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Desktop\MBR.dat
[2011/06/20 11:50:06 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Desktop\HiJackThis.lnk
[2011/06/10 10:30:45 | 000,151,065 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Desktop\Finishquantum.jpg
[2011/06/10 08:20:04 | 021,022,914 | ---- | C] () -- C:\Documents and Settings\M Spoletini\My Documents\vlc-1.1.10-win32.exe
[2011/06/10 00:03:07 | 000,138,726 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Desktop\exoplanet.jpg
[2011/06/10 00:00:13 | 000,035,504 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Desktop\fish.jpg
[2011/03/26 15:17:48 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2011/03/26 15:17:47 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2011/03/02 19:38:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/11/13 20:15:44 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/11/13 20:15:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/04/22 06:50:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2010/04/22 06:50:27 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2010/04/22 06:50:07 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2010/04/22 06:50:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2010/04/22 06:50:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2010/04/22 06:49:32 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2010/04/22 06:49:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2010/03/21 11:18:14 | 000,067,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/21 18:12:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/29 03:29:48 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/08/21 15:04:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDPersns.dat
[2009/08/21 15:03:50 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\GDI08X.dat
[2009/08/21 15:01:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RemFarStone.exe
[2009/03/06 23:27:57 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Application Data\vso_ts_preview.xml
[2009/03/06 23:26:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Application Data\pcouffin.cat
[2009/03/06 23:26:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Application Data\pcouffin.inf
[2009/02/10 18:25:02 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/01/20 21:31:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/20 21:06:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/05 02:13:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/31 14:48:54 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2008/10/12 02:36:46 | 007,925,760 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/07/05 11:17:46 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/07/03 09:27:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/29 09:19:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/11 03:13:13 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\miniPortInfo.dat
[2008/05/26 18:56:32 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/05/08 01:50:06 | 000,090,668 | ---- | C] () -- C:\WINDOWS\System32\vobis32.dll
[2008/04/22 16:45:32 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2008/04/17 11:20:19 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/17 10:22:48 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2008/03/28 21:36:13 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/28 21:36:13 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/28 21:36:13 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/21 14:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/06 08:40:54 | 000,165,782 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/02/21 23:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2008/01/07 21:06:01 | 000,008,432 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Local Settings\Application Data\rx_audio.Cache
[2008/01/07 21:04:33 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Local Settings\Application Data\rx_image.Cache
[2007/12/14 18:44:15 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/12/14 18:44:14 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/14 18:44:14 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/14 18:44:14 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/01 15:36:26 | 000,057,061 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP.dat
[2006/12/01 15:31:22 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP CD Writer.dat
[2006/12/01 15:25:07 | 005,652,144 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/12/01 15:25:07 | 000,015,342 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/10/30 12:04:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2006/10/30 11:54:38 | 000,634,065 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2006/09/05 14:43:34 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv7041p3now.sys
[2006/09/05 14:40:06 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv6628p7now.sys
[2006/09/05 13:44:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2006/09/05 13:42:51 | 000,000,143 | ---- | C] () -- C:\WINDOWS\smrpro.INI
[2006/08/21 15:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/08/21 15:41:19 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\genport2.sys
[2006/08/21 15:41:19 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\genport.sys
[2006/07/12 06:17:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2006/07/12 06:17:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2006/07/12 06:17:24 | 000,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2006/07/12 06:17:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2006/07/12 06:17:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2006/07/12 06:17:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[2006/07/12 06:17:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\DxpAppEx.exe
[2006/07/11 16:50:18 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/06/29 09:32:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-4.5.dll
[2006/06/07 03:09:42 | 000,433,678 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/06/07 03:09:14 | 002,559,762 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/06/07 03:06:48 | 000,023,757 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/06/01 08:39:30 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG22.dll
[2006/06/01 08:39:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG22.dll
[2006/06/01 08:38:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\LENCMPG2KRN2.dll
[2006/05/31 09:52:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG2KRN2.dll
[2006/05/29 10:23:32 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/05/28 16:31:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\LEncMPG4Krn.dll
[2006/05/23 06:35:22 | 001,814,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15_n.dll
[2006/05/08 17:30:27 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Local Settings\Application Data\fusioncache.dat
[2006/02/28 00:27:46 | 000,000,952 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/17 20:55:11 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2005/11/17 11:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/11/05 17:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2005/11/04 20:57:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/10/14 20:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/09/06 11:40:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/08/21 23:03:20 | 000,000,094 | ---- | C] () -- C:\WINDOWS\System32\zbq_Q1swg.ini
[2005/07/17 14:38:32 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2005/04/10 02:07:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/04/08 15:10:43 | 000,037,301 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/08 15:10:37 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/04/08 15:10:20 | 000,003,841 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/02/17 21:56:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\qw.exe
[2005/02/17 21:42:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2005/02/17 21:42:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/02/17 21:41:56 | 000,001,127 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/02/03 21:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 21:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/09/14 10:49:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\pdfxcds.dll
[2004/09/14 10:28:18 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2004/09/14 07:58:09 | 000,043,255 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2004/09/14 07:58:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\avx.ini
[2004/08/13 19:38:03 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\M Spoletini\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/28 22:45:05 | 000,001,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/24 11:14:40 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/07/24 11:14:40 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\asbdog2.dll
[2004/07/24 11:14:40 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\as2i2kn.dll
[2004/07/24 11:14:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\orsru32.dll
[2004/07/08 04:50:23 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2004/07/03 14:55:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/03 11:26:50 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/07/03 11:05:23 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.0.155-8876480L.exe
[2004/07/03 11:04:40 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2004/07/01 19:33:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/06/26 02:45:19 | 000,012,840 | ---- | C] () -- C:\WINDOWS\W3DemoUnin.dat
[2004/06/23 08:28:04 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2004/06/23 08:28:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTdlink.dll
[2004/06/20 10:11:35 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/06/17 00:26:31 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL
[2004/06/17 00:04:06 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2004/06/17 00:03:06 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2004/06/11 14:40:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/06/11 10:53:13 | 000,002,451 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/11 10:45:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/01 13:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2004/01/30 17:33:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/30 17:04:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/01/30 16:49:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/01/30 14:54:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/30 14:49:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/30 07:14:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/30 07:13:57 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/08 00:56:36 | 000,880,640 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/08 00:56:35 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/08 00:56:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/08/07 13:01:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/10/12 21:43:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2002/08/29 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 06:00:00 | 000,447,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 06:00:00 | 000,073,672 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/19 10:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe
[2002/01/11 12:25:05 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/03/28 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AltrixSoft
[2006/05/29 13:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2008/06/17 18:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2006/07/02 02:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FitToList
[2011/05/09 21:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2009/09/28 21:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2008/04/14 19:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/11/13 20:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/03/22 23:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/02/09 23:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/01/06 03:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/06/23 13:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/07/24 11:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/07 00:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/05/08 01:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/10 23:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/14 15:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/09/05 13:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFE49F60-C1A0-462A-BD5B-4F35AA035664}
[2005/05/17 22:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\.bittorrent
[2010/11/02 18:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Auslogics
[2005/05/17 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Azureus
[2011/05/09 21:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\bppenu11
[2009/10/08 10:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/03 21:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\DAEMON Tools
[2006/05/29 13:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\DassaultSystemes
[2010/06/17 00:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\dBpoweramp
[2009/08/21 15:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\FarStone
[2011/04/04 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\freephoneline.ca
[2005/12/25 05:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\funkitron
[2011/05/20 12:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\GetRightToGo
[2009/12/15 02:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\HandBrake
[2008/05/02 11:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\HouseCall 6.6
[2007/01/08 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\ICAClient
[2008/01/07 20:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\ImgBurn
[2009/12/13 17:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\InfraRecorder
[2004/08/13 19:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\InterVideo
[2008/05/14 20:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\IObit
[2011/05/21 14:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\KidZui
[2004/06/17 00:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Leadertech
[2010/05/01 07:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Lexmark Productivity Studio
[2006/01/03 23:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Magic Match
[2009/10/16 19:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\NeuLion
[2009/09/24 14:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\PCToolsFirewallPlus
[2010/11/23 20:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Philipp Winterberg
[2009/12/07 21:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\RETScreen
[2006/09/05 13:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Seven Zip
[2006/12/22 13:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\TuxPaint
[2008/05/08 01:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Uniblue
[2011/06/20 02:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\uTorrent
[2004/06/18 00:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\VERITAS
[2011/06/16 01:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Vso
[2009/04/01 22:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Webshots
[2010/03/22 21:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Wireshark

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/06/27 11:07:05 | 000,000,030 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/12/17 01:55:52 | 000,001,604 | RHS- | M] () -- C:\AVG6DB_N.DAT
[2009/12/14 03:29:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/21 16:39:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/21 23:49:06 | 000,021,779 | ---- | M] () -- C:\ComboFix.txt
[2008/06/27 11:07:05 | 000,000,046 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/19 18:29:10 | 000,016,766 | ---- | M] () -- C:\drwtsn32.log
[2008/10/31 14:17:58 | 000,844,854 | ---- | M] () -- C:\extended.jpg
[2008/06/11 10:57:08 | 000,000,000 | ---- | M] () -- C:\format
[2004/01/30 14:52:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/02/24 23:54:29 | 000,000,000 | ---- | M] () -- C:\itouch_crash_info.txt
[2005/07/29 05:48:02 | 000,513,536 | ---- | M] () -- C:\logix Updated 2004-03-16.xls
[2010/05/12 23:35:04 | 000,000,069 | ---- | M] () -- C:\lxdi.log
[2005/07/29 05:48:32 | 000,513,536 | ---- | M] () -- C:\Mark Chambers Main Floor Addition Quote.xls
[2004/01/30 14:52:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/04/10 02:17:29 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/11 01:50:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/31 14:17:58 | 000,844,854 | ---- | M] () -- C:\original.jpg
[2011/06/23 12:58:36 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
[2011/06/22 01:20:39 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2008/12/15 19:51:30 | 000,062,464 | ---- | M] () -- C:\RPRR Estimate.xls
[2011/06/21 16:33:24 | 000,055,798 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_20.06.2011_23.13.08_log.txt
[2009/01/30 11:16:16 | 000,001,964 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/01/30 14:51:49 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/15 23:08:12 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2002/09/11 08:26:52 | 000,063,730 | ---- | M] () -- C:\Program Files\viewsonicinstruct_xp.pdf

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/01/30 07:13:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/01/30 07:13:18 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/01/30 07:13:18 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/11 01:56:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2006/10/30 11:55:42 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Free AOL & Unlimited Internet.url

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/04/10 08:34:54 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\M Spoletini\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/06/10 18:09:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/01/19 22:28:38 | 038,224,168 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\M Spoletini\Desktop\8-12_xp32_dd_ccc_wdm_enu_72271.exe
[2006/09/06 13:46:32 | 000,050,735 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\AFUDOS.exe
[2009/02/26 15:22:45 | 066,916,509 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\AquariaDemo.2007.12.07.exe
[2011/06/22 01:23:37 | 004,133,689 | R--- | M] (Swearware) -- C:\Documents and Settings\M Spoletini\Desktop\CarmineFix.exe
[2009/03/04 23:49:44 | 023,790,082 | ---- | M] (Shatters Software ) -- C:\Documents and Settings\M Spoletini\Desktop\celestia-win32-1.5.1.exe
[2009/03/20 14:47:52 | 017,987,584 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\IKEA_Home_Planner(2).exe
[2010/03/17 00:35:08 | 000,085,470 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\ipfilter_setup.exe
[2009/02/22 23:02:18 | 1355,811,950 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\midway_suffering.exe
[2010/01/26 21:41:00 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Desktop\WMDecode.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/03/03 01:45:50 | 000,560,766 | ---- | M] (H&C Works) -- C:\Documents and Settings\M Spoletini\My Documents\MacMakeUp.exe
[2009/09/27 11:01:42 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\M Spoletini\My Documents\vlc-1.0.2-win32.exe
[2011/06/10 08:20:42 | 021,022,914 | ---- | M] () -- C:\Documents and Settings\M Spoletini\My Documents\vlc-1.1.10-win32.exe
[2011/05/03 10:42:11 | 020,533,281 | ---- | M] () -- C:\Documents and Settings\M Spoletini\My Documents\vlc-1.1.9-win32.exe
[1 C:\Documents and Settings\M Spoletini\My Documents\*.tmp files -> C:\Documents and Settings\M Spoletini\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >
[2007/08/06 21:49:32 | 000,296,588 | ---- | M] () -- C:\Documents and Settings\M Spoletini\3.0mod3-Patch-Only-Setup.exe
[2008/04/03 12:04:24 | 019,871,600 | ---- | M] () -- C:\Documents and Settings\M Spoletini\aaw2007.exe
[2008/04/09 15:32:47 | 002,218,368 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\M Spoletini\AROTrial.exe
[2007/08/06 21:11:07 | 001,164,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\M Spoletini\install_flash_player.exe
[2007/08/06 21:09:01 | 002,803,440 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Shockwave_Installer_Slim.exe
[2007/09/02 22:53:53 | 006,136,608 | ---- | M] (Nullsoft, Inc.) -- C:\Documents and Settings\M Spoletini\winamp535_pro.exe
[2007/09/20 00:11:56 | 027,936,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\M Spoletini\wmp11-windowsxp-x64-enu.exe
[2007/09/20 00:13:51 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\M Spoletini\wmp11-windowsxp-x86-enu.exe

< %systemroot%\ADDINS\*.* >
[2003/03/31 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/04/10 08:34:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\M Spoletini\Favorites\Desktop.ini
[2006/06/08 12:31:17 | 000,001,288 | ---- | M] () -- C:\Documents and Settings\M Spoletini\Favorites\Microsoft bCentral.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/06/22 12:49:00 | 000,006,743 | ---- | M] () -- C:\Documents and Settings\All Users\lxdi
[7 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Radeon Omega Drivers v4.8.442 Uninstall.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/04/23 15:52:46 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\M Spoletini\Cookies\desktop.ini
[2011/06/23 13:26:25 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\M Spoletini\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >
[2003/03/21 12:31:32 | 000,019,994 | ---- | M] () -- C:\WINDOWS\system32\Fonts\ACADEMY_.PFB
[2003/03/21 12:31:32 | 000,000,932 | ---- | M] () -- C:\WINDOWS\system32\Fonts\ACADEMY_.PFM
[2003/03/21 12:31:34 | 000,032,300 | ---- | M] () -- C:\WINDOWS\system32\Fonts\ACADEMY_.TTF

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 12:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2003/06/12 21:04:10 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2008/01/18 22:40:58 | 000,000,000 | ---D | M](C:\Documents and Settings\M Spoletini\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????) -- C:\Documents and Settings\M Spoletini\䅗䥎䍐湯敮瑣潩㩮∱ാ㰊敎剷浥瑯䡥獯㹴⼼敎剷浥瑯䡥獯㹴丼睥硅整湲污潐瑲㐾㠶〶⼼敎䕷瑸牥慮偬牯㹴丼睥牐瑯捯汯吾偃⼼敎偷潲潴潣㹬丼睥湉整湲污潐瑲㐾㠶〶⼼敎䥷瑮牥慮偬牯㹴丼睥湉整湲污汃敩瑮ㄾ㈹ㄮ㠶〮ㄮ㌳⼼敎䥷瑮牥慮䍬楬湥㹴丼睥湅扡敬㹤㰱丯睥湅扡敬㹤丼睥潐瑲慍灰湩䑧獥牣灩楴湯甾潴牲
(C:\Documents and Settings\M Spoletini\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????) -- C:\Documents and Settings\M Spoletini\䅗䥎䍐湯敮瑣潩㩮∱ാ㰊敎剷浥瑯䡥獯㹴⼼敎剷浥瑯䡥獯㹴丼睥硅整湲污潐瑲㐾㠶〶⼼敎䕷瑸牥慮偬牯㹴丼睥牐瑯捯汯吾偃⼼敎偷潲潴潣㹬丼睥湉整湲污潐瑲㐾㠶〶⼼敎䥷瑮牥慮偬牯㹴丼睥湉整湲污汃敩瑮ㄾ㈹ㄮ㠶〮ㄮ㌳⼼敎䥷瑮牥慮䍬楬湥㹴丼睥湅扡敬㹤㰱丯睥湅扡敬㹤丼睥潐瑲慍灰湩䑧獥牣灩楴湯甾潴牲

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\M Spoletini\My Documents\SpuntPermit.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\M Spoletini\My Documents\Spunt-JE1_R14.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\M Spoletini\My Documents\See My Pony.edited.jpg:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
 
OTL Extras.txt log

OTL Extras logfile created on: 23/06/2011 1:49:02 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\M Spoletini\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.44 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 73.31% Memory free
7.28 Gb Paging File | 6.43 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 30.16 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive E: | 74.54 Gb Total Space | 32.33 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Drive K: | 698.64 Gb Total Space | 123.38 Gb Free Space | 17.66% Space Free | Partition Type: NTFS
Drive N: | 892.48 Mb Total Space | 195.16 Mb Free Space | 21.87% Space Free | Partition Type: FAT32

Computer Name: MSPOLETINI | User Name: M Spoletini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"6885:TCP" = 6885:TCP:*:Enabled:Utorrent
"1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017
"1032:TCP" = 1032:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Aspyr\Guitar Hero III\GH3.exe" = C:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III -- (Aspyr Media, Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\M Spoletini\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel PHOTO-PAINT 11 SA
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F859CB-541C-493C-A605-E0F53EAA2205}_is1" = HOT3000 Release Candidate 2
"{1ACE5DBB-AA0D-480D-BEE2-C988672CE50B}" = WillExpert
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2b02f826-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier 2004: Contractor Edition
"{2B82EF41-0E63-474D-8C5F-A8EFD0FF3497}" = Chief Architect Full Version
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DF12C94-8D3D-43D4-AF3C-754F51CB89CD}" = HP Install Network Printer Wizard
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{415DB050-CAF2-4E66-91EE-5B4BFDFC3475}" = Macromedia Flash Paper
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4834BC2D-6948-42D8-86C3-166A7C79C464}" = PaintCOST Estimator Trial
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}" = QuickTax 2004
"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{5EDDAC50-0D62-45CC-9605-93E996F1D181}" = Freephoneline
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{65C1C87A-02D9-4557-BC0D-131F1C419D61}" = Britannica Almanac 2005 CD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7E0E01E6-8F0B-428B-9A06-668104DA6872}" = Business Plan Pro 11.0
"{809987B2-F964-11D4-A1A5-00104BD190B1}" = QuickBooks Premier 2002: Accountant Edition
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate*DiscWizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8461f92b-24d3-47bc-a34f-9ea7a5a42596}" = Blu-ray Disc Authoring Plug-in
"{88CF28D0-9327-11D4-B090-00E111105300}" = AutoVue SolidModel Pro, Desktop Edition
"{8992B88E-D45E-443B-A329-2F8DC03ECB0A}" = QuickTax Tracker
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C90BAF4-B0BF-41B6-B482-B7E3FFCD72E0}" = Retirement Income Planner
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{998f3224-a5b5-4bf9-9df9-fd53bdf38080}" = DTS Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB86C70-E1EF-7457-46DC-0093B5269458}" = ATI Catalyst Install Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A50885B4-2D9B-4DC7-961D-2661B3A037F0}" = Quicken 2006
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B26E49E2-9521-4677-95CB-63B117D84BD8}" = Gun Metal
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B86DED97-710A-48A4-919F-A66123A09EC8}" = Therapy for Thera-Aid
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 5.3
"{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}" = QuickTax 2005
"{B8EA2D6A-3EC4-4DC4-B588-123B7D38B493}" = eDrawings 2006
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFCD5069-52AC-4B3F-902A-CDC5CD5D21DA}" = Dwg2Img
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C46E1C8C-C805-4708-8659-68B3056C1F8C}_is1" = HOT2000 v10.51 GEN
"{C65D81C3-3FC2-4B01-B515-7C6F805886BC}" = AutoDWG DWG2PDF Converter
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5A4789E-C361-4B46-933D-6E15044CCF40}" = DIY Deck Designer 6.5.4 - The Home Depot
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{e36ff7c4-78f4-4ecd-ad28-d08cc320b2b9}" = Activation (Nero MediaHome 4)
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f2daf36c-7d16-4e2b-b1eb-1a56dd70f969}" = Activation (Nero Move it)
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090303
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology 1.0" = Age of Mythology
"Akamai" = Akamai NetSession Interface
"Astroburn" = Astroburn
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bagpipe Player" = Bagpipe Player
"Blaze Media Pro" = Blaze Media Pro
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 9.3
"CachemanXP 1.7.1.2" = CachemanXP 1.7.1.2
"CCleaner" = CCleaner
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_201314F1" = SoftK56 Data Fax
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CUZ4_is1" = CAM UnZip 4.42
"dBpowerAMP" = dBpowerAMP
"dBpowerAMP CD Writer" = dBpowerAMP CD Writer
"dBpowerAMP Music Converter" = dBpoweramp Music Converter
"Defraggler" = Defraggler (remove only)
"DFX for Windows Media Player" = DFX for Windows Media Player
"DriverGuide Toolkit" = DriverGuide Toolkit
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EsetOnlineScanner" = ESET Online Scanner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fit to List" = Fit to List
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Handbrake" = Handbrake 0.9.4
"HD Tach_is1" = HD Tach version 3
"HEED" = HEED
"ICopyDVDs2" = ICopyDVDs2 3.2.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IDrive_is1" = IDrive version 3.4.0 March 23, 2011
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IKEA Home Planner Kitchen" = IKEA Home Planner Kitchen
"IKEA Home Planner Office" = IKEA Home Planner Office
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel PHOTO-PAINT 11
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{8992B88E-D45E-443B-A329-2F8DC03ECB0A}" = QuickTax Tracker
"InstallShield_{D5A4789E-C361-4B46-933D-6E15044CCF40}" = DIY Deck Designer 6.5.4 - The Home Depot
"Karen's LAN Monitor" = Karen's LAN Monitor
"Kidzui" = Kidzui
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MediaCoder" = MediaCoder 0.6.1
"MediaInfo" = MediaInfo 0.7.7.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 2.4.0
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NeuLion Adaptive Plugin" = NeuLion Adaptive Plugin
"NewsBin5" = NewsBin Pro
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PDFXSDKdrInst" = PDFXSDKdrInst
"Peggle Deluxe" = Peggle Deluxe
"Picasa 3" = Picasa 3
"PPTView97" = Microsoft PowerPoint Viewer 97
"Print Server" = Print Server
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"RETScreen® International (GSHP3)" = RETScreen® International (GSHP3)
"RiseofNationsExpansionTrial 1.0" = Rise of Nations Thrones and Patriots Trial Version
"Security Task Manager" = Security Task Manager 1.7e
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006 (Symantec Corporation)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Tux Paint_is1" = Tux Paint 0.9.16
"TVUPlayer" = TVUPlayer 2.4.1.0
"Tweak UI 2.10" = Tweak UI
"UDA Construction Office 2004 Trial" = UDA Construction Office 2004 Trial
"VLC media player" = VLC media player 1.1.10
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WinPortrait" = Pivot Software
"WinStars 2.0_is1" = WinStars 2.0
"Wireshark" = Wireshark 1.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"xp-AntiSpy" = xp-AntiSpy 3.97-10

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III Demo" = Warcraft III Demo
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/04/2011 2:57:54 PM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 20/04/2011 2:24:34 PM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 21/04/2011 11:14:27 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 22/04/2011 10:12:57 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 23/04/2011 10:27:13 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 26/04/2011 8:38:31 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 03/05/2011 8:36:08 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 03/05/2011 8:52:34 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office XP Small Business -- Error 1719. The Windows
Installer Service could not be accessed. This can occur if you are running Windows
in safe mode, or if the Windows Installer is not correctly installed. Contact your
support personnel for assistance.

Error - 06/05/2011 10:19:17 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 07/05/2011 9:44:53 AM | Computer Name = MSPOLETINI | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot
find the required files. Check your connection to the network, or CD-ROM drive.
For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ OSession Events ]
Error - 21/01/2008 3:17:44 AM | Computer Name = MSPOLETINI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 488
seconds with 360 seconds of active time. This session ended with a crash.

Error - 01/05/2008 1:21:41 AM | Computer Name = MSPOLETINI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/05/2008 1:22:13 AM | Computer Name = MSPOLETINI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22/06/2011 9:46:56 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService
service to connect.

Error - 22/06/2011 9:46:56 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7000
Description = The lxdiCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 22/06/2011 9:47:52 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SSDP Discovery Service
service to connect.

Error - 22/06/2011 9:47:52 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7000
Description = The SSDP Discovery Service service failed to start due to the following
error: %%1053

Error - 23/06/2011 8:31:42 AM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService
service to connect.

Error - 23/06/2011 8:31:42 AM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7000
Description = The lxdiCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 23/06/2011 3:00:22 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService
service to connect.

Error - 23/06/2011 3:00:22 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7000
Description = The lxdiCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 23/06/2011 3:01:20 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SSDP Discovery Service
service to connect.

Error - 23/06/2011 3:01:20 PM | Computer Name = MSPOLETINI | Source = Service Control Manager | ID = 7000
Description = The SSDP Discovery Service service failed to start due to the following
error: %%1053


< End of report >
 
Status

Computer is more or less back to normal. My windows update icon has appeared in the taskbar with numerous update recommendations.

I'll proceed with those after we have finalized the cleansing process.

Thank you for your help so far.
 
Good news :)

You have some Norton's leftovers.
Please, run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

==================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (StarWindServiceAE)
    SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
    SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
    IE - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    O2 - BHO: (no name) - {741D5D7D-6447-495C-92A2-601235354A18} - No CLSID value found.
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {b5b740ea-16fd-4d40-abbe-4a1a46ebc852} - No CLSID value found.
    O3 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: cochranelakes.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: Interealty.com ([]* is out of zone range - 5)
    O15 - HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\..Trusted Domains: MLXchange.com ([]* is out of zone range - 5)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...016.6201967593 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [7 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    [6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\M Spoletini\My Documents\*.tmp files -> C:\Documents and Settings\M Spoletini\My Documents\*.tmp -> ]
    [2004/07/24 11:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/05/08 01:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Spoletini\Application Data\Uniblue
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\M Spoletini\My Documents\SpuntPermit.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\M Spoletini\My Documents\Spunt-JE1_R14.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\M Spoletini\My Documents\See My Pony.edited.jpg:Roxio EMC Stream
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL Scan & log

All processes killed
========== OTL ==========
Service StarWindServiceAE stopped successfully!
Service StarWindServiceAE deleted successfully!
Service SessionLauncher stopped successfully!
Service SessionLauncher deleted successfully!
Service RoxLiveShare10 stopped successfully!
Service RoxLiveShare10 deleted successfully!
HKU\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{741D5D7D-6447-495C-92A2-601235354A18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741D5D7D-6447-495C-92A2-601235354A18}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5b740ea-16fd-4d40-abbe-4a1a46ebc852}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5b740ea-16fd-4d40-abbe-4a1a46ebc852}\ not found.
Registry value HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cochranelakes.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Interealty.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3375880333-4178941012-2884938630-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\MLXchange.com\ deleted successfully.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\SPL1.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL1DF.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL211.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL26.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL4A.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL5.tmp deleted successfully.
C:\Documents and Settings\All Users\SPLE1.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml3.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml3F.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml4.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml40.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml41.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml463.tmp deleted successfully.
C:\WINDOWS\006098_.tmp deleted successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\Documents and Settings\M Spoletini\My Documents\~WRL3943.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\M Spoletini\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\M Spoletini\Application Data\Uniblue folder moved successfully.
ADS C:\Documents and Settings\M Spoletini\My Documents\SpuntPermit.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\M Spoletini\My Documents\Spunt-JE1_R14.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\M Spoletini\My Documents\See My Pony.edited.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 15034589 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56588 bytes
 
Security Check log

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus SYMLT MSI
Norton AntiVirus Parent MSI
PC Tools Firewall Plus 6.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
PC Tools Firewall Plus FWService.exe
PC Tools Firewall Plus FirewallGUI.exe
``````````End of Log````````````
 
ESET scan

C:\Qoobox\Quarantine\C\WINDOWS\system32\thqasidw.ini.vir Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{A0A0A2BE-163B-4EFC-B8CA-67F6F6A19BDD}\RP2104\A0271257.ini Win32/Adware.Virtumonde.NEO application
C:\VundoFix Backups\jjjlm.ini.bad Win32/Adware.Virtumonde.NEO application
C:\VundoFix Backups\jjjlm.ini2.bad Win32/Adware.Virtumonde.NEO application


I was finally able to run the Norton removal tool. I had to run Norton Update for it to work.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\VundoFix Backups\jjjlm.ini.bad 
    C:\VundoFix Backups\jjjlm.ini2.bad
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
OTL Scan & log

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\VundoFix Backups\jjjlm.ini.bad moved successfully.
C:\VundoFix Backups\jjjlm.ini2.bad moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: M Spoletini
->Temp folder emptied: 23963931 bytes
->Temporary Internet Files folder emptied: 2085213 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58363080 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 228 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33234 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: M Spoletini
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06242011_103855

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_324.dat not found!

Registry entries deleted on Reboot...
 
Status
Not open for further replies.
Back