Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

computer and internet slow

by johnnycoolwhip » June 20th, 2011, 7:20 pm

Hello, I missed the 3 day post deadline for my last post. I had kidney surgery the 15th, hoping you guys would have responded before that. That's no problem, now's a better time to fix the computer.
Problem: internet browsers run slow and crash all the time. I use Google Chrome, Mozilla Firefox and IE8. Also, doing things on my computer is hard because everything takes too long to load, sometimes never loads. Takes between 20 seconds to never to load a program.
Here are both lists:


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Home User at 17:50:42 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.211 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Comp ... eQuery.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 6929235375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B5328FB3-6C13-475B-B153-657E5879875E} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home user\application data\mozilla\firefox\profiles\esu596dt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17164
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://us.mg204.mail.yahoo.com/dc/launc ... nf1hj8vtoi
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... apn_ptnrs=^AA2&apn_sauid=3599022D-5BAF-476F-8849-D6692236597A&apn_dtid=^YYYYYY^Z7^US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\home user\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-23 307928]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-6-10 98392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-23 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-23 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-22 136176]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-22 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2011-06-14 18:36:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-06-14 18:36:00 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-06-14 18:35:48 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-06-14 18:28:37 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-06-14 18:28:37 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-06-14 18:24:07 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-06-14 18:21:39 -------- d-----w- c:\program files\common files\PC Tools
2011-06-14 18:21:34 -------- d-----w- c:\program files\PC Tools Security
2011-06-14 18:21:34 -------- d-----w- c:\documents and settings\home user\application data\PC Tools
2011-06-14 18:21:34 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-14 17:26:44 -------- d-----w- c:\documents and settings\home user\application data\Immunet
2011-06-14 17:26:44 -------- d-----w- c:\documents and settings\all users\Immunet
2011-06-14 17:24:46 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-06-14 17:23:44 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-06-14 17:22:42 -------- d-----w- c:\program files\Immunet Protect
2011-06-14 17:18:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-06-14 17:11:30 -------- d-----w- c:\program files\common files\WebM Project
2011-06-11 17:33:42 -------- d-----w- c:\documents and settings\home user\application data\Auslogics
2011-06-11 17:32:24 -------- d-----w- c:\program files\Auslogics
2011-06-11 17:26:56 -------- d-----w- c:\documents and settings\all users\application data\SystemSpeedBooster
2011-06-11 17:26:55 -------- d-----w- c:\documents and settings\home user\application data\SystemSpeedBooster
2011-06-11 17:20:57 -------- d-----w- c:\documents and settings\home user\application data\SystemOptimizeExpert
2011-06-11 17:20:57 -------- d-----w- c:\documents and settings\all users\application data\SystemOptimizeExpert
2011-06-11 13:33:52 -------- d-----w- c:\program files\SelectRebates
2011-06-11 13:12:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 13:03:35 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-11 12:23:30 -------- d-----w- c:\documents and settings\home user\local settings\application data\AskToolbar
2011-06-11 12:23:04 -------- d-----w- c:\program files\Ask.com
2011-06-11 03:38:06 -------- d-----w- c:\program files\Singlesnet
2011-06-10 19:37:05 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-06-10 18:30:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-10 18:29:38 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2011-06-10 18:29:38 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2011-06-10 18:29:24 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-06-10 18:29:24 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-06-10 18:26:46 -------- d-----w- c:\documents and settings\all users\application data\G DATA
2011-06-10 18:26:45 -------- d-----w- c:\program files\Lavasoft
2011-06-10 18:26:45 -------- d-----w- c:\program files\common files\G Data
2011-06-10 18:19:40 -------- d-----w- c:\documents and settings\home user\local settings\application data\Downloaded Installations
2011-06-10 13:14:23 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-09 18:58:02 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-06-09 18:57:59 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340014A rev.3.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x837124D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x837187f0]; MOV EAX, [0x8371886c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8376FAB8]
3 CLASSPNP[0xF796EFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000056[0x83782F18]
5 ACPI[0xF78C5620] -> nt!IofCallDriver[0x804E37D5] -> [0x83747940]
\Driver\atapi[0x837CAA48] -> IRP_MJ_CREATE -> 0x837124D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8371231B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:57:35.45 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2010 3:50:53 PM
System Uptime: 6/20/2011 5:34:32 PM (0 hours ago)
.
Motherboard: MSI | | MS-6535
Processor: Intel(R) Celeron(R) CPU 2.60GHz | Socket-478 | 2600/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 18.16 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP41: 4/25/2011 12:33:16 PM - Software Distribution Service 3.0
RP42: 5/3/2011 2:01:20 PM - Software Distribution Service 3.0
RP43: 5/6/2011 8:33:58 AM - Software Distribution Service 3.0
RP44: 5/11/2011 8:19:07 PM - Software Distribution Service 3.0
RP45: 5/12/2011 7:17:51 PM - Software Distribution Service 3.0
RP46: 5/15/2011 5:19:13 PM - System Checkpoint
RP47: 5/16/2011 8:08:41 PM - System Checkpoint
RP48: 5/19/2011 12:25:43 PM - System Checkpoint
RP49: 5/19/2011 1:22:16 PM - may 19 2011
RP50: 6/4/2011 10:07:34 AM - System Checkpoint
RP51: 6/8/2011 10:08:59 AM - System Checkpoint
RP52: 6/9/2011 3:00:20 PM - System Checkpoint
RP53: 6/10/2011 8:06:20 AM - Installed Ad-Aware
RP54: 6/10/2011 8:07:54 AM - Installed Ad-Aware
RP55: 6/10/2011 1:21:35 PM - Removed Ad-Aware
RP56: 6/10/2011 1:26:02 PM - Installed Windows IDNMitigationAPIs.
RP57: 6/10/2011 1:26:32 PM - Installed Ad-Aware Total Security.
RP58: 6/10/2011 10:38:01 PM - Installed Singlesnet
RP59: 6/14/2011 12:37:10 PM - Installed Windows XP -- Software Updates KB952011.
RP60: 6/14/2011 3:44:09 PM - Spyware Doctor: Cleaning Threats
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Ask Toolbar
Auslogics Registry Cleaner
avast! Free Antivirus
Google Apps
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Immunet Protect
InstaCodecs
Java Auto Updater
Java(TM) 6 Update 23
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.8)
Picasa 3
Platform
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
ShopAtHome.com Toolbar
SimCity 4
Singlesnet
SiS 650_651_M650_M652_740
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0
The Weather Channel Desktop 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
VIA Platform Device Manager
VIA Vinyl Audio Codecs Driver Setup Program
VideoLAN VLC media player 0.8.6i
WebFldrs XP
WebM Media Foundation Components
Windows Essentials Media Codec Pack 3.2 [32-Bit]
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/20/2011 2:45:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/20/2011 2:44:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/20/2011 1:26:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
6/14/2011 8:18:21 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf954ef3, parameter3 ebbf5c00, parameter4 00000000.
.
==== End Of File ===========================
johnnycoolwhip
Regular Member
 
Posts: 21
Joined: June 12th, 2011, 11:32 am

Re: computer and internet slow

by MWR 3 day Mod » June 24th, 2011, 2:17 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: computer and internet slow

by askey127 » June 25th, 2011, 7:25 am

johnnycoolwhip,
Sorry for the delay. I hope you are recovering well.

If you still need help and are not receiving it elsewhere, please proceed as follows:
It appears your system may have an infection called a rootkit.
It may be difficult to repair online.
-----------------------------------------------------------
We will remove some programs here.
Duplicate antivirus apps must be removed.
Spybot can be re-installed after we are through, if you wish.
The first two removals are programs that are not recommended for use at all.

Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:

Ask Toolbar
Auslogics Registry Cleaner
Immunet Protect
Spybot - Search & Destroy
Spyware Doctor with AntiVirus 8.0

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: computer and internet slow

Unread postby johnnycoolwhip » June 25th, 2011, 11:22 am

Thanks for taking my case. Here's the list. There were three saved, so I took the latest one.
John Z


2011/06/25 10:04:47.0406 3996 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 10:04:47.0984 3996 ================================================================================
2011/06/25 10:04:47.0984 3996 SystemInfo:
2011/06/25 10:04:47.0984 3996
2011/06/25 10:04:47.0984 3996 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/25 10:04:47.0984 3996 Product type: Workstation
2011/06/25 10:04:47.0984 3996 ComputerName: HOME-B2BC004AA3
2011/06/25 10:04:47.0984 3996 UserName: Home User
2011/06/25 10:04:47.0984 3996 Windows directory: C:\WINDOWS
2011/06/25 10:04:47.0984 3996 System windows directory: C:\WINDOWS
2011/06/25 10:04:47.0984 3996 Processor architecture: Intel x86
2011/06/25 10:04:47.0984 3996 Number of processors: 1
2011/06/25 10:04:47.0984 3996 Page size: 0x1000
2011/06/25 10:04:47.0984 3996 Boot type: Normal boot
2011/06/25 10:04:47.0984 3996 ================================================================================
2011/06/25 10:04:49.0781 3996 Initialize success
2011/06/25 10:04:52.0531 3260 ================================================================================
2011/06/25 10:04:52.0531 3260 Scan started
2011/06/25 10:04:52.0531 3260 Mode: Manual;
2011/06/25 10:04:52.0531 3260 ================================================================================
2011/06/25 10:05:40.0171 3260 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/25 10:05:40.0187 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/25 10:05:40.0203 3260 ================================================================================
2011/06/25 10:05:40.0203 3260 Scan finished
2011/06/25 10:05:40.0203 3260 ================================================================================
2011/06/25 10:05:40.0234 3964 Detected object count: 1
2011/06/25 10:05:40.0234 3964 Actual detected object count: 1
2011/06/25 10:08:12.0281 3964 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/25 10:08:12.0312 3964 \Device\Harddisk0\DR0 - ok
2011/06/25 10:08:12.0312 3964 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/25 10:08:19.0921 2184 Deinitialize success
johnnycoolwhip
Regular Member
 
Posts: 21
Joined: June 12th, 2011, 11:32 am
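A helper reading a pasted TDSSKiller log mostly needs three things: what was detected, which action was selected, and whether a reboot is still pending. The following is an added example, not part of the original thread or of TDSSKiller itself; the line patterns are inferred only from the log posted above, the sample log is constructed with placeholder hashes, and the names `parse_log`, `status` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the "date time thread-id message" layout of the log
# posted above; the 32-character hashes are placeholders, not real values.
SAMPLE_LOG = r"""
2011/06/25 10:04:47.0406 3996 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 10:04:47.0984 3996
2011/06/25 10:04:52.0531 3260 Scan started
2011/06/25 10:04:53.0687 3260 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\example.sys
2011/06/25 10:05:40.0171 3260 MBR (0x1B8) (11111111111111111111111111111111) \Device\Harddisk0\DR0
2011/06/25 10:05:40.0187 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/25 10:05:40.0203 3260 Scan finished
2011/06/25 10:05:40.0234 3964 Detected object count: 1
2011/06/25 10:08:12.0281 3964 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/25 10:08:12.0312 3964 \Device\Harddisk0\DR0 - ok
2011/06/25 10:08:12.0312 3964 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/25 10:08:19.0921 2184 Deinitialize success
"""

# Patterns inferred from the posted log (assumption: not a documented format).
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
VERSION = re.compile(r"^TDSS rootkit removing tool (\S+)")
SCANNED = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
DETECTED = re.compile(r"^(.+) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
OUTCOME = re.compile(r"^(.+) \((\S+)\) - (.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    target: str
    threat: str
    action: Optional[str] = None    # what the user selected, e.g. Cure
    outcome: Optional[str] = None   # what the tool reported for the object


@dataclass
class Report:
    version: Optional[str] = None
    scanned: int = 0                      # objects listed as "name (md5) path"
    reported_count: Optional[int] = None  # the tool's own detection count
    findings: dict = field(default_factory=dict)  # keyed by (target, threat)


def parse_log(text):
    """Parse a pasted log; lines that are not log records are ignored."""
    report = Report()

    def finding(target, threat):
        return report.findings.setdefault((target, threat), Finding(target, threat))

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(3):
            continue                      # forum text or a record with no message
        msg = m.group(3).strip()
        if VERSION.match(msg):
            report.version = VERSION.match(msg).group(1)
        elif SCANNED.match(msg):
            report.scanned += 1
        elif DETECTED.match(msg):
            target, threat = DETECTED.match(msg).groups()
            finding(target, threat)
        elif COUNT.match(msg):
            report.reported_count = int(COUNT.match(msg).group(1))
        elif ACTION.match(msg):
            threat, target, action = ACTION.match(msg).groups()
            finding(target, threat).action = action
        elif OUTCOME.match(msg):
            target, threat, outcome = OUTCOME.match(msg).groups()
            finding(target, threat).outcome = outcome
    return report


def status(f):
    """Reduce one finding to the state a helper has to act on."""
    if f.action is None:
        return "no action recorded"
    if f.action != "Cure":
        return "not cured (action: %s)" % f.action
    if f.outcome and "after reboot" in f.outcome:
        return "cure pending reboot"
    return "cure selected"


def triage(report):
    """Return (rows, consistent): one row per finding, and whether the tool's
    own detection count matches the detections seen (False hints at a cut-off paste)."""
    rows = [(f.target, f.threat, status(f)) for f in report.findings.values()]
    return rows, report.reported_count == len(report.findings)


if __name__ == "__main__":
    rows, consistent = triage(parse_log(SAMPLE_LOG))
    for target, threat, state in rows:
        print(target, threat, state, sep=" | ")
    print("log complete:", consistent)
```

A `False` in the second return value is worth checking before giving further instructions, since a paste that stops before the "Detected object count" line may also be missing the action and outcome lines.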

Re: computer and internet slow

Unread postby johnnycoolwhip » June 25th, 2011, 11:23 am

Thanks for taking my case. Here's the list. There were three saved, so I took the latest one.
John Z


2011/06/25 10:05:34.0750 3260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/25 10:05:35.0171 3260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/25 10:05:35.0375 3260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/25 10:05:35.0578 3260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/25 10:05:35.0734 3260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/25 10:05:35.0937 3260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/25 10:05:36.0484 3260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/25 10:05:36.0781 3260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/25 10:05:37.0046 3260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/25 10:05:37.0265 3260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/25 10:05:37.0593 3260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/25 10:05:37.0921 3260 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/25 10:05:38.0078 3260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/25 10:05:38.0265 3260 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/25 10:05:38.0437 3260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/25 10:05:38.0750 3260 VIAudio (a6fcca426660d3fc5a5cb7c0623a257b) C:\WINDOWS\system32\drivers\vinyl97.sys
2011/06/25 10:05:38.0906 3260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/25 10:05:39.0218 3260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/25 10:05:39.0656 3260 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/25 10:05:39.0843 3260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/25 10:05:40.0031 3260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/25 10:05:40.0171 3260 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/25 10:05:40.0187 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/25 10:05:40.0203 3260 ================================================================================
2011/06/25 10:05:40.0203 3260 Scan finished
2011/06/25 10:05:40.0203 3260 ================================================================================
2011/06/25 10:05:40.0234 3964 Detected object count: 1
2011/06/25 10:05:40.0234 3964 Actual detected object count: 1
2011/06/25 10:08:12.0281 3964 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/25 10:08:12.0312 3964 \Device\Harddisk0\DR0 - ok
2011/06/25 10:08:12.0312 3964 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/25 10:08:19.0921 2184 Deinitialize success
johnnycoolwhip
Regular Member
 
Posts: 21
Joined: June 12th, 2011, 11:32 am

Re: computer and internet slow

by askey127 » June 25th, 2011, 4:27 pm

johnnycoolwhip,
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to your Internet activities, you should assume that any data on the machine may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • You can also download OTL from HERE
  • Double-click the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click Scan All Users.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.

Note that the file Extras.txt will only show the very first time you run OTL.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: computer and internet slow

by johnnycoolwhip » June 25th, 2011, 5:35 pm

Here are the lists, OTL and Extras. Thanks.
OTL
OTL logfile created on: 6/25/2011 4:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Home User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 327.49 Mb Available Physical Memory | 44.53% Memory free
1.38 Gb Paging File | 1.04 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.63 Gb Free Space | 58.05% Space Free | Partition Type: NTFS

Computer Name: HOME-B2BC004AA3 | User Name: Home User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
PRC - [2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\system32\bcsa.exe
PRC - [2011/06/25 09:15:19 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe
PRC - [2011/06/07 05:13:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSSVC)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/25 15:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/01/06 22:25:50 | 000,432,384 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/10/02 16:25:48 | 000,011,264 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/13 10:43:56 | 000,030,720 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17164"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=22cnf1hj8vtoi"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/20 15:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/01/12 16:18:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 08:55:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 08:55:39 | 000,000,000 | ---D | M]

[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions
[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/25 09:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions
[2011/06/11 08:59:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 14:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\ffxtlbr@babylon.com
[2011/06/12 09:37:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\searchplugins\askcom.xml
[2011/06/14 08:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 08:55:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/12 12:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/08/20 15:59:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/25 08:55:02 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/06/25 08:55:03 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/25 08:55:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/01/30 10:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/02/05 14:07:18 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/02/05 14:07:56 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/02/05 14:06:55 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2011/06/25 08:55:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/06/25 08:55:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/31 22:54:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/06/24 14:38:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2011/06/25 08:55:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/06/25 08:55:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/06/25 08:55:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/06/25 08:55:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/06/25 08:55:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/23 15:51:04 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - C:\Program Files\whitesmoketoolbar\vmntemplateX.dll ()
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - C:\Program Files\whitesmoketoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\system32\bcsa.exe ()
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [1664051546] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Comp ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 6929235375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/20 15:47:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 15:39:37 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 14:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Screentime
[2011/06/25 10:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/06/25 10:02:58 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/25 10:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\tdsskiller
[2011/06/25 09:31:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/06/25 09:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/06/25 08:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\whitesmoketoolbar
[2011/06/24 14:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/06/24 14:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/06/22 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/21 21:56:16 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Home User\Desktop\mseinstall.exe
[2011/06/21 11:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/21 09:36:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 13:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/14 13:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/14 12:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/14 12:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/06/14 12:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/06/14 12:24:46 | 000,031,184 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:23:44 | 000,041,424 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\My Documents\My Google Gadgets
[2011/06/14 12:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2011/06/14 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
[2011/06/14 12:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2011/06/14 08:16:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/12 10:24:50 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 21:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/06/11 21:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/11 12:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/06/11 12:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/11 12:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PICTURES
[2011/06/11 08:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/06/11 08:12:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/11 08:03:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/10 22:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Singlesnet
[2011/06/10 22:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Singlesnet
[2011/06/10 15:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/10 15:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/10 14:37:05 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 14:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\DOCUMENTS
[2011/06/10 14:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PROGRAMS installed
[2011/06/10 13:29:38 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:38 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 13:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/06/10 13:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/06/10 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Downloaded Installations
[2011/06/10 08:14:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/10 08:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/10 08:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/06/09 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/06/09 13:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 16:25:03 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003UA.job
[2011/06/25 16:23:15 | 000,013,510 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 16:20:23 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 16:19:17 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 16:16:52 | 000,000,226 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 16:14:45 | 000,013,504 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 16:14:45 | 000,013,504 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 16:13:58 | 000,013,394 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 16:13:58 | 000,013,394 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 16:13:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 16:13:16 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 16:13:15 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-413027322-725345543-1003.job
[2011/06/25 16:12:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/25 16:12:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 14:27:07 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/06/25 10:09:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 09:59:40 | 001,309,037 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/24 05:26:31 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003Core.job
[2011/06/23 15:51:04 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 21:56:51 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:56:25 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Home User\Desktop\mseinstall.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:40 | 000,513,016 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:17:12 | 000,505,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 21:17:12 | 000,087,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 11:54:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/20 17:36:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/20 13:50:36 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 13:50:33 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Google Chrome.lnk
[2011/06/16 15:28:00 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/14 13:36:42 | 000,649,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:08:26 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/12 10:24:59 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 08:12:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/11 08:03:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/10 22:38:18 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 14:37:05 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 13:29:39 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:38 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 13:19:14 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/10 12:44:54 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/09 16:35:50 | 000,000,735 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 14:48:11 | 009,322,498 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\lanoire_screensaver_pc.exe
[2011/06/25 09:52:57 | 001,309,037 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:42:29 | 000,013,394 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 09:41:26 | 000,013,510 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:21:17 | 000,013,504 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 09:21:17 | 000,013,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 09:15:36 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:15:36 | 000,013,504 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 09:15:34 | 000,362,496 | ---- | C] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/25 09:15:32 | 000,000,226 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 09:15:21 | 000,015,158 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:15:21 | 000,013,510 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:15:19 | 000,360,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe
[2011/06/21 21:53:33 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:37 | 000,513,016 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:05:40 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\install
[2011/06/21 21:00:21 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1.gif
[2011/06/21 21:00:20 | 000,663,040 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\gog.exe
[2011/06/21 20:57:55 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ct_start
[2011/06/14 13:36:13 | 000,649,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 13:15:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:09:50 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/14 12:08:24 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/10 22:38:17 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 13:30:18 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/10 12:44:54 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/09 16:35:49 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/07 10:37:59 | 000,000,480 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/03/13 10:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/24 11:57:35 | 000,022,024 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 11:32:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/01/24 11:32:22 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/24 11:32:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/01/24 11:32:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/01/22 19:12:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/22 19:12:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/22 11:31:23 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/22 09:56:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 16:01:16 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2010/08/20 16:01:16 | 000,034,915 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2010/08/20 16:01:16 | 000,016,819 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2010/08/20 16:00:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2010/08/20 16:00:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2010/08/20 15:59:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 15:50:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 10:07:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/20 09:55:43 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,574 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,087,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/23 09:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/10 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/01/22 10:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/24 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/11 12:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/09 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/21 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 22:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Acapela Group
[2011/06/11 12:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/02/03 19:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\ElevatedDiagnostics
[2011/02/05 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\GetRightToGo
[2011/06/14 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/02/05 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\OpenCandy
[2011/06/11 12:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/05/07 12:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Uniblue
[2011/06/25 10:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/06/25 10:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\whitesmoketoolbar
[2011/01/12 15:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Desktop Search
[2011/01/23 19:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Search
[2011/06/25 14:27:07 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
EXTRAS


OTL Extras logfile created on: 6/25/2011 4:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Home User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 327.49 Mb Available Physical Memory | 44.53% Memory free
1.38 Gb Paging File | 1.04 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.63 Gb Free Space | 58.05% Space Free | Partition Type: NTFS

Computer Name: HOME-B2BC004AA3 | User Name: Home User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Home User\My Documents\Downloads\VideoToMp3Setup.exe" = C:\Documents and Settings\Home User\My Documents\Downloads\VideoToMp3Setup.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\Update\realsched.exe" = C:\Program Files\Real\RealPlayer\Update\realsched.exe:*:Enabled:RealNetworks Scheduler -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06924979-89C7-47A9-B4ED-9D2EE9A9941C}" = Update Service
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"SiS 650_651_M650_M652_740" = SiS 650_651_M650_M652_740
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VLC media player" = VideoLAN VLC media player 0.8.6i
"webmmf" = WebM Media Foundation Components
"whitesmoketoolbar" = WhiteSmoke Toolbar
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.2 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2011 4:05:19 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1002
Description = Hanging application bcsa.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 4:05:47 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1001
Description = Fault bucket -1792404802.

Error - 6/25/2011 4:34:12 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 4:34:16 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/25/2011 5:04:46 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
This
operation returned because the timeout period expired. (0x800705b4)

Error - 6/25/2011 5:07:14 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
Insufficient
system resources exist to complete the requested service. (0x800705aa)

Error - 6/25/2011 5:09:20 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
Insufficient
system resources exist to complete the requested service. (0x800705aa)

Error - 6/25/2011 5:09:20 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME USER\RECENT\MALWARE FOROUM
INSTRUCTIONS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 6/25/2011 5:18:13 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME USER\LOCAL SETTINGS\HISTORY\HISTORY.IE5\MSHIST012011062520110626>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/25/2011 5:20:18 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 12.0.742.100, fault address 0x005a6fb2.

[ System Events ]
Error - 6/10/2011 11:10:40 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GDScan with
arguments "" in order to run the server: {244F96DF-80AE-45D3-968B-A53D71271177}

Error - 6/10/2011 11:10:58 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GDScan with
arguments "" in order to run the server: {244F96DF-80AE-45D3-968B-A53D71271177}

Error - 6/14/2011 9:18:21 AM | Computer Name = HOME-B2BC004AA3 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf954ef3, parameter3
ebbf5c00, parameter4 00000000.

Error - 6/14/2011 1:42:58 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/14/2011 1:52:17 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/20/2011 2:26:05 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 6/20/2011 3:44:36 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/20/2011 3:45:02 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/20/2011 3:46:39 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/20/2011 6:27:51 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Re: computer and internet slow

Post by johnnycoolwhip » June 25th, 2011, 5:35 pm

Here are the lists, OTL and Extras. Thanks.
OTL
OTL logfile created on: 6/25/2011 4:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Home User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 327.49 Mb Available Physical Memory | 44.53% Memory free
1.38 Gb Paging File | 1.04 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.63 Gb Free Space | 58.05% Space Free | Partition Type: NTFS

Computer Name: HOME-B2BC004AA3 | User Name: Home User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
PRC - [2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\system32\bcsa.exe
PRC - [2011/06/25 09:15:19 | 000,360,448 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe
PRC - [2011/06/07 05:13:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSSVC)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/25 15:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/01/06 22:25:50 | 000,432,384 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/10/02 16:25:48 | 000,011,264 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/13 10:43:56 | 000,030,720 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17164"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=22cnf1hj8vtoi"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/20 15:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/01/12 16:18:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 08:55:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 08:55:39 | 000,000,000 | ---D | M]

[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions
[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/25 09:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions
[2011/06/11 08:59:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 14:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\ffxtlbr@babylon.com
[2011/06/12 09:37:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\searchplugins\askcom.xml
[2011/06/14 08:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 08:55:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/12 12:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/08/20 15:59:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/25 08:55:02 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/06/25 08:55:03 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/25 08:55:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/01/30 10:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/02/05 14:07:18 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/02/05 14:07:56 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/02/05 14:06:55 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2011/06/25 08:55:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/06/25 08:55:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/31 22:54:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/06/24 14:38:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2011/06/25 08:55:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/06/25 08:55:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/06/25 08:55:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/06/25 08:55:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/06/25 08:55:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/23 15:51:04 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - C:\Program Files\whitesmoketoolbar\vmntemplateX.dll ()
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - C:\Program Files\whitesmoketoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\system32\bcsa.exe ()
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [1664051546] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Comp ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 6929235375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/20 15:47:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 15:39:37 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 14:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Screentime
[2011/06/25 10:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/06/25 10:02:58 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/25 10:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\tdsskiller
[2011/06/25 09:31:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/06/25 09:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/06/25 08:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\whitesmoketoolbar
[2011/06/24 14:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/06/24 14:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/06/22 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/21 21:56:16 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Home User\Desktop\mseinstall.exe
[2011/06/21 11:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/21 09:36:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 13:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/14 13:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/14 12:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/14 12:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/06/14 12:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/06/14 12:24:46 | 000,031,184 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:23:44 | 000,041,424 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\My Documents\My Google Gadgets
[2011/06/14 12:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2011/06/14 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
[2011/06/14 12:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2011/06/14 08:16:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/12 10:24:50 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 21:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/06/11 21:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/11 12:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/06/11 12:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/11 12:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PICTURES
[2011/06/11 08:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/06/11 08:12:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/11 08:03:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/10 22:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Singlesnet
[2011/06/10 22:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Singlesnet
[2011/06/10 15:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/10 15:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/10 14:37:05 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 14:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\DOCUMENTS
[2011/06/10 14:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PROGRAMS installed
[2011/06/10 13:29:38 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:38 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 13:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/06/10 13:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/06/10 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Downloaded Installations
[2011/06/10 08:14:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/10 08:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/10 08:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/06/09 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/06/09 13:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 16:25:03 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003UA.job
[2011/06/25 16:23:15 | 000,013,510 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 16:20:23 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 16:19:17 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 16:16:52 | 000,000,226 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 16:14:45 | 000,013,504 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 16:14:45 | 000,013,504 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 16:13:58 | 000,013,394 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 16:13:58 | 000,013,394 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 16:13:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 16:13:16 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 16:13:15 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-413027322-725345543-1003.job
[2011/06/25 16:12:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/25 16:12:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 14:27:07 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/06/25 10:09:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 09:59:40 | 001,309,037 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/24 05:26:31 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003Core.job
[2011/06/23 15:51:04 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 21:56:51 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:56:25 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Home User\Desktop\mseinstall.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:40 | 000,513,016 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:17:12 | 000,505,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 21:17:12 | 000,087,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 11:54:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/20 17:36:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/20 13:50:36 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 13:50:33 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Google Chrome.lnk
[2011/06/16 15:28:00 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/14 13:36:42 | 000,649,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:08:26 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/12 10:24:59 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 08:12:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/11 08:03:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/10 22:38:18 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 14:37:05 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 13:29:39 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:38 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 13:19:14 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/10 12:44:54 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/09 16:35:50 | 000,000,735 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 14:48:11 | 009,322,498 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\lanoire_screensaver_pc.exe
[2011/06/25 09:52:57 | 001,309,037 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:42:29 | 000,013,394 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 09:41:26 | 000,013,510 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:21:17 | 000,013,504 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 09:21:17 | 000,013,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 09:15:36 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:15:36 | 000,013,504 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 09:15:34 | 000,362,496 | ---- | C] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/25 09:15:32 | 000,000,226 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 09:15:21 | 000,015,158 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:15:21 | 000,013,510 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:15:19 | 000,360,448 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe
[2011/06/21 21:53:33 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:37 | 000,513,016 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:05:40 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\install
[2011/06/21 21:00:21 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1.gif
[2011/06/21 21:00:20 | 000,663,040 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\gog.exe
[2011/06/21 20:57:55 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ct_start
[2011/06/14 13:36:13 | 000,649,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 13:15:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:09:50 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/14 12:08:24 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/10 22:38:17 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 13:30:18 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/10 12:44:54 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/09 16:35:49 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/07 10:37:59 | 000,000,480 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/03/13 10:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/24 11:57:35 | 000,022,024 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 11:32:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/01/24 11:32:22 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/24 11:32:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/01/24 11:32:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/01/22 19:12:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/22 19:12:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/22 11:31:23 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/22 09:56:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 16:01:16 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2010/08/20 16:01:16 | 000,034,915 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2010/08/20 16:01:16 | 000,016,819 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2010/08/20 16:00:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2010/08/20 16:00:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2010/08/20 15:59:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 15:50:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 10:07:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/20 09:55:43 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,574 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,087,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/23 09:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/10 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/01/22 10:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/24 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/11 12:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/09 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/21 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 22:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Acapela Group
[2011/06/11 12:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/02/03 19:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\ElevatedDiagnostics
[2011/02/05 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\GetRightToGo
[2011/06/14 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/02/05 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\OpenCandy
[2011/06/11 12:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/05/07 12:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Uniblue
[2011/06/25 10:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/06/25 10:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\whitesmoketoolbar
[2011/01/12 15:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Desktop Search
[2011/01/23 19:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Search
[2011/06/25 14:27:07 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
EXTRAS


OTL Extras logfile created on: 6/25/2011 4:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Home User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 327.49 Mb Available Physical Memory | 44.53% Memory free
1.38 Gb Paging File | 1.04 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.63 Gb Free Space | 58.05% Space Free | Partition Type: NTFS

Computer Name: HOME-B2BC004AA3 | User Name: Home User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Home User\My Documents\Downloads\VideoToMp3Setup.exe" = C:\Documents and Settings\Home User\My Documents\Downloads\VideoToMp3Setup.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\Update\realsched.exe" = C:\Program Files\Real\RealPlayer\Update\realsched.exe:*:Enabled:RealNetworks Scheduler -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06924979-89C7-47A9-B4ED-9D2EE9A9941C}" = Update Service
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"SiS 650_651_M650_M652_740" = SiS 650_651_M650_M652_740
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VLC media player" = VideoLAN VLC media player 0.8.6i
"webmmf" = WebM Media Foundation Components
"whitesmoketoolbar" = WhiteSmoke Toolbar
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.2 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2011 4:05:19 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1002
Description = Hanging application bcsa.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 4:05:47 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1001
Description = Fault bucket -1792404802.

Error - 6/25/2011 4:34:12 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 4:34:16 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/25/2011 5:04:46 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
This
operation returned because the timeout period expired. (0x800705b4)

Error - 6/25/2011 5:07:14 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
Insufficient
system resources exist to complete the requested service. (0x800705aa)

Error - 6/25/2011 5:09:20 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
Insufficient
system resources exist to complete the requested service. (0x800705aa)

Error - 6/25/2011 5:09:20 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME USER\RECENT\MALWARE FOROUM
INSTRUCTIONS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 6/25/2011 5:18:13 PM | Computer Name = HOME-B2BC004AA3 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HOME USER\LOCAL SETTINGS\HISTORY\HISTORY.IE5\MSHIST012011062520110626>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/25/2011 5:20:18 PM | Computer Name = HOME-B2BC004AA3 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 12.0.742.100, fault address 0x005a6fb2.

[ System Events ]
Error - 6/10/2011 11:10:40 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GDScan with
arguments "" in order to run the server: {244F96DF-80AE-45D3-968B-A53D71271177}

Error - 6/10/2011 11:10:58 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service GDScan with
arguments "" in order to run the server: {244F96DF-80AE-45D3-968B-A53D71271177}

Error - 6/14/2011 9:18:21 AM | Computer Name = HOME-B2BC004AA3 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf954ef3, parameter3
ebbf5c00, parameter4 00000000.

Error - 6/14/2011 1:42:58 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/14/2011 1:52:17 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/20/2011 2:26:05 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 6/20/2011 3:44:36 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/20/2011 3:45:02 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/20/2011 3:46:39 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/20/2011 6:27:51 PM | Computer Name = HOME-B2BC004AA3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
johnnycoolwhip
Regular Member
 
Posts: 21
Joined: June 12th, 2011, 11:32 am

Re: computer and internet slow

Unread postby johnnycoolwhip » June 25th, 2011, 5:41 pm

There is a gts.exe process that keeps on popping up as a Windows antivirus program that says it's detecting a virus or something. Every time I click on Chrome or any program in Windows it pops up, sometimes several times at once. I have to keep on ending the process to run anything. So you might not see that process in the logs. But it's there and kicking my ass lol

Re: computer and internet slow

Unread postby askey127 » June 25th, 2011, 8:32 pm

johnnycoolwhip,
We will get all that junk. Trying to knock out big chunks at a time.
You should stay away from Ask.com as a search site.
The two toolbars below are undesirable, so we will attempt to remove them.
After these procedures, you will need to reset your Firefox search to something like Google or Bing.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

ShopAtHome.com Toolbar
WhiteSmoke Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    [2011/06/12 09:37:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\searchplugins\askcom.xml
    [2011/06/24 14:38:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
    O2 - BHO: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - C:\Program Files\whitesmoketoolbar\vmntemplateX.dll ()
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - C:\Program Files\whitesmoketoolbar\vmntemplateX.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O4 - HKLM..\Run: [cleanddm] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKCU..\Run: [1664051546] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe ()
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    [2011/06/25 08:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\whitesmoketoolbar
    [2011/06/24 14:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
    [2011/06/24 14:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
    [2011/06/25 16:23:15 | 000,013,510 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pslfh888qr6kqq7l08484432
    [2011/06/25 16:19:17 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\pslfh888qr6kqq7l08484432
    O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
    O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %* ()
    
    :Files
    C:\Program Files\SelectRebates\Toolbar
    C:\Program Files\whitesmoketoolbar
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and Reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: computer and internet slow

Post by johnnycoolwhip » June 25th, 2011, 11:39 pm

Here's the OTL quick scan log.
I'll post SystemLook's log in the next reply.

OTL logfile created on: 6/25/2011 10:24:06 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Home User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 397.89 Mb Available Physical Memory | 54.10% Memory free
1.38 Gb Paging File | 1.08 Gb Available in Paging File | 78.11% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.99 Gb Free Space | 59.02% Space Free | Partition Type: NTFS

Computer Name: HOME-B2BC004AA3 | User Name: Home User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
PRC - [2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\system32\bcsa.exe
PRC - [2011/06/07 05:13:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSSVC)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/25 15:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/01/06 22:25:50 | 000,432,384 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/10/02 16:25:48 | 000,011,264 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/13 10:43:56 | 000,030,720 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17164"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=22cnf1hj8vtoi"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 08:55:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 08:55:39 | 000,000,000 | ---D | M]

[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions
[2011/06/25 09:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions
[2011/06/11 08:59:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 14:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\ffxtlbr@babylon.com
[2011/06/14 08:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/12 12:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/08/20 15:59:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/31 22:54:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/06/23 15:51:04 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\system32\bcsa.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Comp ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 6929235375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/20 15:47:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 22:14:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/25 15:39:37 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 14:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Screentime
[2011/06/25 10:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/06/25 10:02:58 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/25 10:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\tdsskiller
[2011/06/25 09:31:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/06/25 09:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/06/22 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/21 11:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/14 13:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/14 13:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/14 12:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/14 12:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/06/14 12:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/06/14 12:24:46 | 000,031,184 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:23:44 | 000,041,424 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\My Documents\My Google Gadgets
[2011/06/14 12:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2011/06/14 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
[2011/06/14 12:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2011/06/14 08:16:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/12 10:24:50 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 21:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/06/11 21:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/11 12:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/06/11 12:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/11 12:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PICTURES
[2011/06/11 08:03:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/10 22:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Singlesnet
[2011/06/10 22:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Singlesnet
[2011/06/10 15:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/10 15:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/10 14:37:05 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 14:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\DOCUMENTS
[2011/06/10 14:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PROGRAMS installed
[2011/06/10 13:29:38 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:38 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 13:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/06/10 13:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/06/10 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Downloaded Installations
[2011/06/10 08:14:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/10 08:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/10 08:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/06/09 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/06/09 13:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

========== Files - Modified Within 30 Days ==========

[2011/06/25 22:27:30 | 000,000,226 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 22:26:51 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\SystemLook.exe
[2011/06/25 22:25:06 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003UA.job
[2011/06/25 22:21:21 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 22:21:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 22:21:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-413027322-725345543-1003.job
[2011/06/25 22:20:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/25 22:20:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 22:00:08 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2011/06/25 21:58:21 | 000,013,422 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 21:51:46 | 000,013,430 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 21:51:46 | 000,013,430 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 21:51:46 | 000,013,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 19:30:26 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/06/25 19:20:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 10:09:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 09:59:40 | 001,309,037 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/24 05:26:31 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003Core.job
[2011/06/23 15:51:04 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 21:56:51 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:40 | 000,513,016 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:17:12 | 000,505,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 21:17:12 | 000,087,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 11:54:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/20 17:36:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/20 13:50:36 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 13:50:33 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Google Chrome.lnk
[2011/06/16 15:28:00 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/14 13:36:42 | 000,649,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:08:26 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/12 10:24:59 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 08:03:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/10 22:38:18 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 14:37:05 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 13:29:39 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:38 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 12:44:54 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/09 16:35:50 | 000,000,735 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== Files Created - No Company Name ==========

[2011/06/25 22:26:51 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\SystemLook.exe
[2011/06/25 22:00:08 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2011/06/25 14:48:11 | 009,322,498 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\lanoire_screensaver_pc.exe
[2011/06/25 09:52:57 | 001,309,037 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:42:29 | 000,013,430 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 09:41:26 | 000,013,416 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:21:17 | 000,013,430 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 09:21:17 | 000,013,422 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 09:15:36 | 000,013,422 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 09:15:34 | 000,362,496 | ---- | C] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/25 09:15:32 | 000,000,226 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 09:15:21 | 000,015,158 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/21 21:53:33 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:37 | 000,513,016 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:05:40 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\install
[2011/06/21 21:00:21 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1.gif
[2011/06/21 20:57:55 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ct_start
[2011/06/14 13:36:13 | 000,649,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 13:15:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:09:50 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/14 12:08:24 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/10 22:38:17 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 12:44:54 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/09 16:35:49 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/07 10:37:59 | 000,000,480 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/03/13 10:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/24 11:57:35 | 000,022,024 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 11:32:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/01/24 11:32:22 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/24 11:32:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/01/24 11:32:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/01/22 19:12:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/22 19:12:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/22 11:31:23 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/22 09:56:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 16:01:16 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2010/08/20 16:01:16 | 000,034,915 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2010/08/20 16:01:16 | 000,016,819 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2010/08/20 16:00:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2010/08/20 16:00:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2010/08/20 15:59:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 15:50:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 10:07:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/20 09:55:43 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,574 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,087,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/23 09:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/10 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/01/22 10:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/24 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/11 12:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/09 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/21 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 22:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Acapela Group
[2011/06/11 12:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/02/03 19:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\ElevatedDiagnostics
[2011/02/05 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\GetRightToGo
[2011/06/14 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/02/05 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\OpenCandy
[2011/06/11 12:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/05/07 12:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Uniblue
[2011/06/25 10:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/01/12 15:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Desktop Search
[2011/01/23 19:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Search
[2011/06/25 19:30:26 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Re: computer and internet slow

Post by johnnycoolwhip » June 26th, 2011, 12:16 am

SystemLook keeps on freezing up or something. The error reporting comes up saying "the program is experiencing problems" or something in that order. I tried DLing sys look from that other mirror but the same thing happens again. Let me know what I should do. My computer is already running better, no pop-ups so far. Thanks, John Z.

Re: computer and internet slow

Post by askey127 » June 26th, 2011, 7:07 am

johnnycoolwhip,
OK. Delete SystemLook from your desktop.
---------------------------------------------
Run a Custom Scan with OTL
  • Double click the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click Scan All Users.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
    It will be a fresh version of OTL.txt and it should be saved on your desktop.
  • Make sure Notepad's Format, Wordwrap is unchecked.
  • Please copy the contents of this file, and post it in your next reply.
askey127

Re: computer and internet slow

Post by johnnycoolwhip » June 26th, 2011, 10:26 am

Here's the OTL log. TeaTimer is still starting with Windows even though I removed Spybot. I can worry about it later, no big deal. Thanks, John Z

OTL logfile created on: 6/26/2011 9:09:53 AM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Home User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 372.84 Mb Available Physical Memory | 50.69% Memory free
1.38 Gb Paging File | 1.07 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.75 Gb Free Space | 58.38% Space Free | Partition Type: NTFS

Computer Name: HOME-B2BC004AA3 | User Name: Home User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
PRC - [2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\system32\bcsa.exe
PRC - [2011/06/07 05:13:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSSVC)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/25 15:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/01/06 22:25:50 | 000,432,384 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/10/02 16:25:48 | 000,011,264 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/13 10:43:56 | 000,030,720 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-413027322-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1708537768-413027322-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1708537768-413027322-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1708537768-413027322-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1708537768-413027322-725345543-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1708537768-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17164"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=22cnf1hj8vtoi"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/20 15:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/01/12 16:18:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 08:55:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 08:55:39 | 000,000,000 | ---D | M]

[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions
[2011/03/13 10:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/25 09:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions
[2011/06/11 08:59:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/09 14:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\esu596dt.default\extensions\ffxtlbr@babylon.com
[2011/06/14 08:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/25 08:55:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/12 12:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/08/20 15:59:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/25 08:55:02 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/06/25 08:55:03 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/25 08:55:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/01/30 10:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/02/05 14:07:18 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2011/02/05 14:07:56 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/02/05 14:06:55 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2011/06/25 08:55:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/06/25 08:55:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/31 22:54:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/06/25 08:55:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/06/25 08:55:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/06/25 08:55:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/06/25 08:55:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/06/25 08:55:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/23 15:51:04 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-413027322-725345543-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1708537768-413027322-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\system32\bcsa.exe ()
O4 - HKU\.DEFAULT..\Run: [1664051546] File not found
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [1664051546] File not found
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1708537768-413027322-725345543-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1708537768-413027322-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1708537768-413027322-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-413027322-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Comp ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 6929235375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\gog.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\gog.exe) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/20 15:47:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gts.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 22:14:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/25 15:39:37 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 14:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Screentime
[2011/06/25 10:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/06/25 10:02:58 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/25 10:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\tdsskiller
[2011/06/25 09:31:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/06/25 09:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/06/22 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/21 21:56:16 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Home User\Desktop\mseinstall.exe
[2011/06/21 11:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/21 09:36:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 13:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/14 13:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/14 13:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/14 12:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/14 12:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/06/14 12:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/06/14 12:24:46 | 000,031,184 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:23:44 | 000,041,424 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\My Documents\My Google Gadgets
[2011/06/14 12:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2011/06/14 12:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
[2011/06/14 12:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2011/06/14 08:16:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/12 10:24:50 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 21:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/06/11 21:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/11 12:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/06/11 12:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/11 12:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PICTURES
[2011/06/11 08:12:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/11 08:03:35 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/10 22:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Singlesnet
[2011/06/10 22:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Singlesnet
[2011/06/10 15:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/10 15:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/10 14:37:05 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 14:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\DOCUMENTS
[2011/06/10 14:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Desktop\PROGRAMS installed
[2011/06/10 13:29:38 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:38 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 13:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/10 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/06/10 13:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/06/10 13:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home User\Local Settings\Application Data\Downloaded Installations
[2011/06/10 08:14:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/10 08:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/10 08:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/06/09 13:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/06/09 13:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

========== Files - Modified Within 30 Days ==========

[2011/06/26 09:07:33 | 000,000,226 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2011/06/26 09:03:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 09:02:59 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 09:02:58 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-413027322-725345543-1003.job
[2011/06/26 09:02:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/26 09:02:17 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/06/26 09:02:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 00:25:06 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003UA.job
[2011/06/26 00:20:28 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 22:00:08 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2011/06/25 21:58:21 | 000,013,422 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 21:51:46 | 000,013,430 | -HS- | M] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 21:51:46 | 000,013,430 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 21:51:46 | 000,013,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 15:39:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home User\Desktop\OTL.exe
[2011/06/25 10:09:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 09:59:40 | 001,309,037 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:21:55 | 000,362,496 | ---- | M] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/24 05:26:31 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-413027322-725345543-1003Core.job
[2011/06/23 15:51:04 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 21:56:51 | 056,039,816 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:56:25 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Home User\Desktop\mseinstall.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:40 | 000,513,016 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:17:12 | 000,505,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/21 21:17:12 | 000,087,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/21 11:54:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/20 17:36:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/20 13:50:36 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Home User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/20 13:50:33 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Google Chrome.lnk
[2011/06/16 15:28:00 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\ziz.com.exe
[2011/06/14 13:36:42 | 000,649,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:22:58 | 000,041,424 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011/06/14 12:22:58 | 000,031,184 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011/06/14 12:08:26 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/12 10:24:59 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Home User\Desktop\tds.com.exe
[2011/06/11 08:12:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/11 08:03:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/10 22:38:18 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 14:37:05 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011/06/10 13:29:39 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011/06/10 13:29:38 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011/06/10 13:29:24 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011/06/10 13:29:24 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011/06/10 12:44:54 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/10 08:14:19 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/09 16:35:50 | 000,000,735 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2011/06/25 22:00:08 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2011/06/25 14:48:11 | 009,322,498 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\lanoire_screensaver_pc.exe
[2011/06/25 09:52:57 | 001,309,037 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\tdsskiller.zip
[2011/06/25 09:42:29 | 000,013,430 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2271568364
[2011/06/25 09:41:26 | 000,013,416 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/25 09:21:17 | 000,013,430 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2271568364
[2011/06/25 09:21:17 | 000,013,422 | -HS- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\2702064725
[2011/06/25 09:15:36 | 000,013,422 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2702064725
[2011/06/25 09:15:34 | 000,362,496 | ---- | C] () -- C:\WINDOWS\System32\bcsa.exe
[2011/06/25 09:15:32 | 000,000,226 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2011/06/25 09:15:21 | 000,015,158 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pslfh888qr6kqq7l08484432
[2011/06/21 21:53:33 | 056,039,816 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\avira_antivir_personal_en.exe
[2011/06/21 21:38:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\RKUnhookerLE.EXE
[2011/06/21 21:24:37 | 000,513,016 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\issetup.exe
[2011/06/21 21:05:40 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\install
[2011/06/21 21:00:21 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1.gif
[2011/06/21 20:57:55 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ct_start
[2011/06/14 13:36:13 | 000,649,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/14 13:15:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/14 13:15:02 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/14 12:49:39 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/14 12:09:50 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/14 12:08:24 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\HiJackThis.msi
[2011/06/10 22:38:17 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start Singlesnet.lnk
[2011/06/10 12:44:54 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Home User\Desktop\Shortcut to Downloads.lnk
[2011/06/09 16:35:49 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/07 10:37:59 | 000,000,480 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/03/13 10:43:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/24 11:57:35 | 000,022,024 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 11:32:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/01/24 11:32:22 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/24 11:32:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/01/24 11:32:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/01/22 19:12:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/22 19:12:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/22 11:31:23 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/22 09:56:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Home User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 16:01:16 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\TVModeLib.dll
[2010/08/20 16:01:16 | 000,034,915 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2010/08/20 16:01:16 | 000,016,819 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2010/08/20 16:00:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2010/08/20 16:00:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2010/08/20 16:00:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2010/08/20 15:59:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 15:50:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 10:07:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/20 09:55:43 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,505,574 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,087,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/23 09:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/10 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/01/22 10:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/24 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/11 12:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemOptimizeExpert
[2011/06/11 12:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/06/09 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/21 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/31 22:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Acapela Group
[2011/06/11 12:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Auslogics
[2011/02/03 19:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\ElevatedDiagnostics
[2011/02/05 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\GetRightToGo
[2011/06/14 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Immunet
[2011/02/05 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\OpenCandy
[2011/06/11 12:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemOptimizeExpert
[2011/06/11 12:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\SystemSpeedBooster
[2011/05/07 12:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Uniblue
[2011/06/25 10:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\vmntemplate
[2011/01/12 15:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Desktop Search
[2011/01/23 19:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home User\Application Data\Windows Search
[2011/06/26 09:02:17 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >
[2011/05/06 10:26:03 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Home User\Local Settings\Application Data\Ilivid Player

< c:|whitesmoke;true;true;true; /FP >
[2011/06/24 14:38:16 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06252011_221413\C_Documents and Settings\NetworkService\Application Data\whitesmoketoolbar

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
johnnycoolwhip
Regular Member
 
Posts: 21
Joined: June 12th, 2011, 11:32 am

Re: computer and internet slow

Post by askey127 » June 26th, 2011, 12:20 pm

johnnycoolwhip,
----------------------------------------------
Revo Uninstaller
Uninstall programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here, if needed.

Please download Revo Uninstaller Free and save it to your desktop.
Double click on "revosetup.exe" to install. Follow/allow default installation.
  1. Double click Revo Uninstaller from the Start Menu programs list, to run it.
  2. From the list of programs click on Spybot Search & Destroy and choose "Uninstall".
  3. When prompted click Yes.
  4. Make sure the Moderate option is checked... then click Next.
  5. The program will run, when prompted... click Yes... then Next.
  6. Once the program has searched for leftovers click Next.
  7. Check ONLY the bolded items on the list then... click Next... then Yes.
  8. When done click Finish.
    The problem program entries should now be gone.
.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    [2011/05/06 10:26:03 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Home User\Local Settings\Application Data\Ilivid Player
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA