
Computer cleaned but MBAM still won't update


IanH


This computer was infected but I believe that I have successfully cleaned it. MBAM Chameleon runs and no longer detects any malware, same with Avast.

BUT I can't get the standard MBAM to update or run... It works fine and gives a clean report when I run Chameleon, and I made sure I ran full scans.

I've gone through the process of uninstalling and re-installing MBAM, and even ran the Cleaner process noted on the forums to do a clean uninstall of MBAM before re-installing it.

Hoping someone can give me some advice.

dds.txt

attach.txt


Hello IanH and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please uninstall this application: µTorrent, and then generate fresh DDS log files.

http://forums.malwarebytes.org/index.php?showtopic=97700


Yes, that makes a lot of sense. I hate that kind of crap. This is my adult son's computer, and when he brought it home to me for help, there it was. I should have removed it before.

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Ian Harrop at 5:27:54 on 2012-11-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1428 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

z:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

z:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\MagicRotation\MagicPvt.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\vVX1000.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

Z:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\MagicTune Premium\GammaTray.exe

Z:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"

mRun: [bootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs

mRun: [MagicRotation] c:\program files\magicrotation\MagicPvt.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\docume~1\ianhar~1\startm~1\programs\startup\magicd~1.lnk - z:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\windows\system32\HMIPCore.dll

LSP: mswsock.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.lib.ucalgary.ca/lib/ucalgary/support/plugins/ebraryRdr.cab

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118841937078

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118841924437

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{01459325-7A99-4C53-861E-B4693CF9D737} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{0E96D7B1-BB01-423C-B4FC-1BE34E353D13} : DHCPNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: WB - c:\progra~1\stardock\object~1\window~1\fastload.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-11-2 14776]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-9-6 77312]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-3 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-3 361032]

R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2008-8-18 9728]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;z:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-2 464256]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-3 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-3 44808]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-4 40776]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-9 15544]

S0 cqjhffil;cqjhffil;c:\windows\system32\drivers\cxwae.sys --> c:\windows\system32\drivers\cxwae.sys [?]

S0 onksw;onksw;c:\windows\system32\drivers\jfvd.sys --> c:\windows\system32\drivers\jfvd.sys [?]

S0 qdhcs;qdhcs;c:\windows\system32\drivers\yhdbvk.sys --> c:\windows\system32\drivers\yhdbvk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-11-2 250808]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2004-10-16 31872]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-3-9 18432]

S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2009-3-9 360448]

S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-3-9 18944]

S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-3-9 33792]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]

.

=============== File Associations ===============

.

FileExt: .scr: AOEMViewScriptFile - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]

.

=============== Created Last 30 ================

.

2030-12-16 02:47:51 -------- d-----w- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021

2012-11-05 00:32:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-05 00:32:50 -------- d-----w- c:\documents and settings\ian harrop\application data\Malwarebytes

2012-11-05 00:32:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-11-05 00:32:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-05 00:32:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-03 19:03:37 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-03 19:02:52 41224 ----a-w- c:\windows\avastSS.scr

2012-11-03 19:02:28 -------- d-----w- c:\program files\AVAST Software

2012-11-03 19:02:28 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-11-03 03:36:23 -------- d-----w- c:\windows\system32\winrm

2012-11-03 03:36:23 -------- d-----w- c:\windows\system32\GroupPolicy

2012-11-03 03:36:03 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-11-03 03:08:06 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-03 02:43:32 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-11-03 02:42:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-11-03 01:32:46 -------- d-----r- c:\program files\Skype

2012-11-03 01:08:19 -------- d-----w- c:\documents and settings\ian harrop\local settings\application data\Sun

2012-11-02 23:56:52 -------- d-----w- c:\windows\system32\DRM

2012-11-02 23:14:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-02 23:13:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-02 22:41:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-02 22:33:12 -------- d-----w- c:\documents and settings\ian harrop\local settings\application data\Secunia PSI

2012-11-02 22:33:04 -------- d-----w- c:\program files\Secunia

2012-11-02 22:20:44 -------- d-----w- c:\documents and settings\all users\application data\IObit

2012-11-02 22:20:42 -------- d-----w- c:\documents and settings\ian harrop\application data\IObit

2012-11-02 22:10:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-11-02 21:36:50 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-11-02 21:36:50 3072 ------w- c:\windows\system32\iacenc.dll

2012-11-02 21:28:43 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-11-02 20:50:30 -------- d-----w- c:\documents and settings\all users\application data\Sophos

.

==================== Find3M ====================

.

2012-11-03 16:54:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-02 23:12:03 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-02 23:12:02 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2004-03-11 19:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 5:28:33.40 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/6/2004 9:44:13 PM

System Uptime: 11/4/2012 5:34:40 PM (12 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K8VB

Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2202/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 16.764 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is CDROM (CDFS)

Z: is FIXED (NTFS) - 233 GiB total, 136.754 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: RAID Controller

Device ID: PCI\VEN_105A&DEV_3376&SUBSYS_809E1043&REV_02\3&267A616A&0&40

Manufacturer:

Name: RAID Controller

PNP Device ID: PCI\VEN_105A&DEV_3376&SUBSYS_809E1043&REV_02\3&267A616A&0&40

Service:

.

==== System Restore Points ===================

.

RP2433: 1/11/2012 3:40:48 PM - Restore Operation

RP2434: 1/11/2012 3:44:49 PM - Restore Operation

RP2435: 11/2/2012 2:44:01 PM - Removed Adobe Reader 9.4.6.

RP2436: 11/2/2012 2:45:41 PM - Installed Adobe Reader XI.

RP2437: 11/2/2012 2:49:54 PM - Installed Sophos Virus Removal Tool.

RP2438: 11/2/2012 3:32:00 PM - Software Distribution Service 3.0

RP2439: 11/2/2012 3:34:52 PM - Removed Skype Toolbars

RP2440: 11/2/2012 3:43:34 PM - Software Distribution Service 3.0

RP2441: 11/2/2012 4:01:53 PM - Software Distribution Service 3.0

RP2442: 11/2/2012 4:39:11 PM - Software Distribution Service 3.0

RP2443: 11/2/2012 5:06:54 PM - Software Distribution Service 3.0

RP2444: 11/2/2012 5:11:51 PM - Installed Java 7 Update 9

RP2445: 11/2/2012 5:16:48 PM - Software Distribution Service 3.0

RP2446: 11/2/2012 5:25:49 PM - Software Distribution Service 3.0

RP2447: 11/2/2012 5:56:45 PM - Software Distribution Service 3.0

RP2448: 11/2/2012 7:18:21 PM - Installed QuickTime

RP2449: 11/2/2012 7:23:08 PM - Software Distribution Service 3.0

RP2450: 11/2/2012 7:32:20 PM - Removed Skype™ 5.10

RP2451: 11/2/2012 7:32:43 PM - Installed Skype™ 6.0

RP2452: 11/2/2012 7:45:41 PM - Software Distribution Service 3.0

RP2453: 11/2/2012 8:46:58 PM - IObit Uninstaller restore point

RP2454: 11/2/2012 8:52:09 PM - IObit Uninstaller restore point

RP2455: 11/2/2012 8:52:37 PM - Removed Spelling Dictionaries Support For Adobe Reader 9.

RP2456: 11/2/2012 8:53:36 PM - IObit Uninstaller restore point

RP2457: 11/2/2012 9:01:35 PM - IObit Uninstaller restore point

RP2458: 11/2/2012 9:02:24 PM - Removed Microsoft Baseline Security Analyzer 2.1

RP2459: 11/2/2012 9:02:50 PM - IObit Uninstaller restore point

RP2460: 11/2/2012 9:02:56 PM - Removed Acrobat.com

RP2461: 11/2/2012 9:08:05 PM - Software Distribution Service 3.0

RP2462: 11/2/2012 9:35:36 PM - Installed %1 %2.

RP2463: 11/2/2012 9:36:20 PM - Installed %1 %2.

RP2464: 11/2/2012 9:39:21 PM - Removed Sophos Virus Removal Tool.

RP2465: 11/2/2012 10:48:32 PM - Software Distribution Service 3.0

RP2466: 11/3/2012 10:20:21 AM - Software Distribution Service 3.0

RP2467: 11/3/2012 10:26:43 AM - Software Distribution Service 3.0

RP2468: 11/3/2012 1:02:28 PM - avast! Free Antivirus Setup

RP2469: 11/4/2012 12:03:36 PM - System Checkpoint

.

==== Installed Programs ======================

.

1st Page 2000 2.00 Free

2WIRE Wireless LAN - USB Driver

3dsmax ancillary install

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 6.0

Adobe Premiere Elements 7.0

Adobe Reader XI

Adobe Shockwave Player 11.6

Advanced SystemCare 6

AOEMView 2008

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AquaMark3

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

AutoCAD 2009 - English

Autodesk 3ds Max 9 32-bit

Autodesk Data Management Server 2008

Autodesk DWF Viewer 7

Autodesk Inventor Professional 2008

Autodesk Vault 2008

AutoRotation Premium

avast! Free Antivirus

Backburner

Battlefield 1942

Bonjour

BootSkin

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner

Choice Guard

ClueFinders Years 3 & 4 Adventures

Command & Conquer Generals

Command and ConquerTM Generals Zero Hour

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 3.0

CyberLink PowerProducer

Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803

DVD Solution

DWG TrueView 2007

Easy MP3 Sound Recorder 2.01

FBX Plugin 2006.08 for Max 9.0

FileHippo.com Update Checker

Freez DVD Ripper v1.5

Galswin

GearDrvs

getPlus®_ocx

GIMP 2.6.11

Guitar Pro 5.0

Half-Life® 2

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HyperTerminal Private Edition v6.3

InCD

InterActual Player

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 21

Jet Moto

Junk Mail filter update

LiveUpdate BVRP Software

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.65.1.1000

Marvell Miniport Driver

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliType Pro 2.2

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Journal Viewer

Microsoft WSE 3.0 Runtime

Microsoft Xbox 360 Accessories 1.2

mobile PhoneTools

Mozilla Firefox (3.6)

Mozilla Firefox 16.0.2 (x86 en-US)

MSN Music Assistant

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Multimedia Launcher

Nero 6 Ultra Edition

Nero Digital

Nero Media Player

NeroMIX

NeroVision Express Content

Pando Media Booster

Peggle

Pinnacle Instant DVD Recorder

PokerStars

PowerDVD

Python 2.7.1

QuickTime

Secunia PSI (3.0.0.4001)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847-v2)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

SigmaTel MTPMSCN Audio Player

Skins

Skype™ 6.0

Smart Defrag 2

Socialbox

Sophos Anti-Rootkit 1.3.1

SoundMAX

Speccy

SSH Secure Shell

Starsiege TRIBES 1.8

Steam

Steinberg Cubase LE 4

Super TextTwist

swMSM

Syncrosoft License Control

TeamSpeak 2 RC2

TeamSpeak 2 Server RC2

TeamViewer 7

The Bloobles and the Quest for Chocolate

The ClueFinders 5th Grade Adventures

Theme Park World Fix

Twisted Metal 2

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

US-122L / US-144 driver

VBA (2627.01)

Ventrilo Client

Virus Guard - powered by BitDefender

VLC media player 2.0.4

VoiceOver Kit

WebFldrs XP

Winamp

Winamp Detector Plug-in

WindowBlinds

Windows Defender Signatures

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows XP Service Pack 3

WinRAR 4.20 (32-bit)

WM Converter

World of Warcraft

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

11/4/2012 7:13:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Autodesk Data Management Job Dispatch service to connect.

11/4/2012 7:13:08 AM, error: Service Control Manager [7000] - The Autodesk Data Management Job Dispatch service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/3/2012 4:03:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/3/2012 1:28:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdPPM aswSnx aswSP aswTdi Fips magicpvt

11/3/2012 1:27:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/2/2012 9:39:49 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/2/2012 8:59:57 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/2/2012 8:56:53 PM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

11/2/2012 8:55:41 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

11/2/2012 7:47:49 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2289162).

11/2/2012 11:05:46 PM, error: Microsoft Antimalware [1119] -

.

==== End Of File ===========================

Step 1

Update your Malwarebytes' Anti-Malware via Chameleon and perform a quick scan. Post the results in your next reply here.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.05.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

:: AMD [administrator]

11/5/2012 3:39:32 PM

mbam-log-2012-11-05 (15-39-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 262529

Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

=========================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-05 15:49:06

-----------------------------

15:49:06.765 OS Version: Windows 5.1.2600 Service Pack 3

15:49:06.765 Number of processors: 1 586 0xC00

15:49:06.781 ComputerName: AMD UserName:

15:49:08.421 Initialize success

15:49:09.984 AVAST engine defs: 12110500

15:49:25.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viasraid1Port2Path0Target0Lun0

15:49:25.984 Disk 0 Vendor: ST380013 3.18 Size: 76319MB BusType: 1

15:49:25.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\viasraid1Port2Path0Target2Lun0

15:49:25.984 Disk 1 Vendor: ST325041 3.AA Size: 238475MB BusType: 1

15:49:26.000 Disk 0 MBR read successfully

15:49:26.000 Disk 0 MBR scan

15:49:26.015 Disk 0 Windows XP default MBR code

15:49:26.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63

15:49:26.062 Disk 0 scanning sectors +156280320

15:49:26.140 Disk 0 scanning C:\WINDOWS\system32\drivers

15:49:41.093 Service scanning

15:49:57.812 Modules scanning

15:50:36.015 Disk 0 trace - called modules:

15:50:36.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viasraid.sys

15:50:36.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8c5ab8]

15:50:36.406 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Scsi\viasraid1Port2Path0Target0Lun0[0x8a869a38]

15:50:36.781 AVAST engine scan C:\WINDOWS

15:50:45.968 AVAST engine scan C:\WINDOWS\system32

15:53:45.937 AVAST engine scan C:\WINDOWS\system32\drivers

15:54:05.812 AVAST engine scan C:\Documents and Settings\Ian Harrop

16:14:06.484 AVAST engine scan C:\Documents and Settings\All Users

16:18:11.609 Scan finished successfully

16:18:41.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ian Harrop\Desktop\MBR.dat"

16:18:41.281 The log file has been saved successfully to "C:\Documents and Settings\Ian Harrop\Desktop\aswMBR.txt"

Thanks!

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Thanks for your help so far. I need more help, so again I want to thank you, as your efforts are still needed.

This is what happened:

- I turned off the virus protection & firewall, then ran ComboFix.

- I saw it extract the program files (lots of green text scrolling in the install box)

- I saw the box with the bars noting the progress of creating a restore point... then everything stopped.

I never got the box about the Recovery Console, and in fact I never got the blue window shown in the instructions with the words "Please Wait ComboFix is preparing to run" or the blue box one behind the box with the bars showing the progress of creating a restore point.

I eventually turned off the computer, re-started it and tried again. Same result. But this is weird .. after the first time I ran it I was not asked if I Agree with the terms and conditions, it seemed to skip that step.

Hoping you're enjoying a challenge... it's the problems that aren't solved by standard practices that help me learn :)

Perhaps this will help. When ComboFix is extracting, it only seems to get halfway according to the progress bar and stops while it is extracting Streamtools.zip... it lists two output files and then the extract process immediately completes and it goes to the creating a restore point progress bars.

Please proceed with this tool in Normal mode:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL logfile created on: 11/7/2012 4:59:14 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ian Harrop\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.21% Memory free

3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.38% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 19.71 Gb Free Space | 26.44% Space Free | Partition Type: NTFS

Drive E: | 592.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 534.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive Z: | 232.88 Gb Total Space | 136.72 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: AMD | User Name: Ian Harrop | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/07 04:58:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ian Harrop\Desktop\OTL.exe

PRC - [2012/11/02 16:12:04 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/10/31 14:52:30 | 000,464,256 | ---- | M] (IObit) -- z:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe

PRC - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe

PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- Z:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2008/04/28 15:57:46 | 000,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/24 10:40:52 | 001,097,728 | ---- | M] (Samsung Electronics, Inc.) -- C:\Program Files\MagicRotation\MagicPvt.exe

PRC - [2007/08/23 14:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

PRC - [2007/02/13 13:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

PRC - [2007/02/13 13:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe

PRC - [2007/01/15 15:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe

PRC - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- Z:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

PRC - [2006/03/23 16:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe

PRC - [2004/09/06 18:47:32 | 000,422,400 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

PRC - [2002/03/21 21:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/06 14:38:34 | 001,829,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12110602\algo.dll

MOD - [2012/11/02 17:17:24 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll

MOD - [2012/11/02 17:17:21 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll

MOD - [2012/11/02 17:17:11 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll

MOD - [2012/11/02 17:16:02 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll

MOD - [2012/11/02 17:16:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll

MOD - [2012/11/02 17:15:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll

MOD - [2012/11/02 17:15:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll

MOD - [2012/11/02 17:15:37 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll

MOD - [2012/11/02 17:09:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll

MOD - [2012/11/02 17:08:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll

MOD - [2012/11/02 17:08:07 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll

MOD - [2012/11/02 16:07:14 | 000,003,584 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\f924c671\35d0f680\App_global.asax.btljqrjz.dll

MOD - [2012/11/02 15:53:42 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012/11/02 15:53:39 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2012/11/02 15:53:39 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2012/11/02 15:53:22 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

MOD - [2012/11/02 15:53:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2012/11/02 15:53:20 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2012/11/02 15:53:19 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

MOD - [2012/11/02 15:52:57 | 000,835,584 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

MOD - [2012/11/02 15:52:49 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

MOD - [2012/11/02 15:52:45 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

MOD - [2012/03/11 13:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll

MOD - [2011/02/05 19:08:12 | 000,884,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll

MOD - [2010/06/11 00:11:58 | 005,967,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

MOD - [2010/06/11 00:11:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll

MOD - [2009/03/10 13:36:10 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll

MOD - [2009/03/10 13:36:10 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll

MOD - [2009/03/10 13:36:10 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3321.40422__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll

MOD - [2009/03/10 13:36:09 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:09 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll

MOD - [2009/03/10 13:36:08 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:08 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3321.40384__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:08 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:08 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:07 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3321.40369__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:07 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:07 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:06 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:06 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:05 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:05 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3321.40328__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:05 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3321.40328__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.dll

MOD - [2009/03/10 13:36:01 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2009/03/10 13:36:00 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:00 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:00 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2009/03/10 13:36:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2009/03/10 13:35:59 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3321.40380__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll

MOD - [2009/03/10 13:35:59 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2009/03/10 13:35:59 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2009/03/10 13:35:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2009/03/10 13:35:59 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2009/03/10 13:35:57 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3321.40359__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll

MOD - [2009/03/10 13:35:57 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3321.40340__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll

MOD - [2009/03/10 13:35:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2009/03/10 13:35:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2009/03/10 13:35:56 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2009/03/10 13:35:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2009/03/10 13:35:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2009/03/10 13:35:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2009/03/10 13:35:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2009/03/10 13:35:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2009/03/10 13:35:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll

MOD - [2009/03/10 13:35:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2009/03/10 13:35:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2009/03/10 13:35:51 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2009/03/10 13:35:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2009/03/10 13:35:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2009/03/10 13:35:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2009/03/10 13:35:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2009/03/10 13:35:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2009/03/10 13:35:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2009/03/10 13:35:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll

MOD - [2009/03/10 13:35:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2009/03/10 13:35:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2009/03/10 13:35:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2009/03/10 13:35:45 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2009/03/10 13:35:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2009/03/10 13:35:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2009/03/10 13:35:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2009/03/10 13:35:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2009/03/10 13:35:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2009/03/10 13:35:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2009/03/10 13:35:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2009/03/10 13:35:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2009/03/10 13:35:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2009/03/10 13:35:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.dll

MOD - [2009/03/10 13:35:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3294.18759__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll

MOD - [2009/03/10 13:35:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2009/03/10 13:35:42 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2009/03/10 13:35:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2009/03/10 13:35:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2009/03/10 13:35:40 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll

MOD - [2009/03/10 13:35:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2009/03/10 13:35:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2009/03/10 13:35:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll

MOD - [2009/03/10 13:35:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2009/03/10 13:35:39 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2009/03/10 13:35:39 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2009/03/10 13:35:39 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2009/03/10 13:35:39 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2009/03/10 13:35:38 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2009/03/10 13:35:38 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2009/03/10 13:35:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2009/03/10 13:35:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2009/03/10 13:35:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2009/03/10 13:35:37 | 000,540,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll

MOD - [2009/03/10 13:35:37 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2009/03/10 13:35:37 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2009/03/10 13:35:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2009/03/10 13:35:37 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2009/03/10 13:35:36 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2009/03/10 13:35:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2009/03/10 13:35:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2009/03/10 13:35:34 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2009/03/10 13:35:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2009/03/10 13:35:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2009/03/10 13:35:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2009/03/10 13:35:33 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2009/03/10 13:35:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll

MOD - [2009/03/10 13:35:33 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll

MOD - [2009/03/10 13:35:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2008/10/30 13:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2008/02/22 15:29:28 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\DProfile.dll

MOD - [2008/02/22 15:29:26 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\EProfile.dll

MOD - [2008/02/22 15:29:24 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\VESADll.dll

MOD - [2008/02/22 15:29:24 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\IProfile.dll

MOD - [2008/02/22 15:29:22 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\DeviceInterface.dll

MOD - [2008/02/20 12:32:56 | 000,077,824 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneCore.dll

MOD - [2007/08/23 14:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

MOD - [2007/01/15 15:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe

MOD - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () -- Z:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/11/06 08:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/02 16:12:04 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/10/31 14:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- z:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)

SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/19 15:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/04/13 15:41:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/04/28 15:57:46 | 000,085,096 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/08/23 14:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)

SRV - [2007/02/13 13:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)

SRV - [2007/02/13 13:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)

SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- Z:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32)

SRV - [2006/03/23 16:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\yhdbvk.sys -- (qdhcs)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\jfvd.sys -- (onksw)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\cxwae.sys -- (cqjhffil)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/11/06 10:51:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2009/06/26 17:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/04 00:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/01/17 14:45:56 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - [2007/12/17 22:17:52 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)

DRV - [2007/12/17 22:17:52 | 000,018,944 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)

DRV - [2007/12/17 22:17:50 | 000,360,448 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)

DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2006/11/23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)

DRV - [2006/08/24 12:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)

DRV - [2006/03/23 16:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)

DRV - [2006/03/23 16:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

DRV - [2006/03/23 16:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)

DRV - [2006/03/23 16:00:28 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)

DRV - [2006/02/07 10:49:58 | 000,197,632 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)

DRV - [2005/12/23 16:20:35 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2005/11/14 02:26:34 | 000,009,728 | ---- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)

DRV - [2005/06/02 17:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2005/02/23 16:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)

DRV - [2004/09/30 19:05:12 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen)

DRV - [2003/12/05 02:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2003/10/30 14:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)

DRV - [2003/04/08 13:14:50 | 000,038,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k)

DRV - [2001/08/17 13:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)

DRV - [2001/08/17 13:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.52.7.68:3128

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.52.7.68:3128

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\SearchScopes,DefaultScope = {6490868B-CCD6-43C8-9B5F-907EE9A80C4D}

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\SearchScopes\{6490868B-CCD6-43C8-9B5F-907EE9A80C4D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLD

IE - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: player@portalarium.com:1.57

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Z:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

[2010/01/30 10:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ian Harrop\Application Data\Mozilla\Extensions

[2012/11/02 18:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ian Harrop\Application Data\Mozilla\Firefox\Profiles\j3co2wb1.default\extensions

[2012/11/02 18:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ian Harrop\Application Data\Mozilla\Firefox\Profiles\j3co2wb1.default\extensions\nostmp

[2011/08/30 23:54:44 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Documents and Settings\Ian Harrop\Application Data\Mozilla\Firefox\Profiles\j3co2wb1.default\extensions\player@portalarium.com

[2012/11/02 18:56:06 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Ian Harrop\Application Data\Mozilla\Firefox\Profiles\j3co2wb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2012/11/02 18:55:14 | 000,499,731 | ---- | M] () (No name found) -- C:\Documents and Settings\Ian Harrop\Application Data\Mozilla\Firefox\Profiles\j3co2wb1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.xpi

O1 HOSTS File: ([2012/11/05 06:15:36 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()

O4 - HKLM..\Run: [intelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe ()

O4 - Startup: C:\Documents and Settings\Ian Harrop\Start Menu\Programs\Startup\MagicDisc.lnk = Z:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)

O15 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..Trusted Ranges: Range1 ([file] in Local intranet)

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.ezproxy.lib.ucalgary.ca/lib/ucalgary/support/plugins/ebraryRdr.cab (Infotl Control)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118841937078 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118841924437 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01459325-7A99-4C53-861E-B4693CF9D737}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E96D7B1-BB01-423C-B4FC-1BE34E353D13}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\WB: DllName - (C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll (Stardock)

O24 - Desktop WallPaper: C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/09/06 20:42:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/02/06 07:32:37 | 000,000,174 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O32 - AutoRun File - [1999/05/26 08:33:54 | 000,000,120 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2030/12/15 19:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\E177E04D548C4006A465EEB92D3DE021

[2012/11/07 04:58:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ian Harrop\Desktop\OTL.exe

[2012/11/06 16:34:04 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2012/11/06 16:22:41 | 004,997,881 | R--- | C] (Swearware) -- C:\Documents and Settings\Ian Harrop\Desktop\ComboFix.exe

[2012/11/06 08:46:52 | 000,000,000 | ---D | C] -- C:\AMD

[2012/11/05 16:49:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/11/05 15:23:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ian Harrop\Desktop\aswMBR.exe

[2012/11/05 11:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian Harrop\Application Data\Malwarebytes

[2012/11/05 11:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/05 11:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/11/05 11:08:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/11/05 11:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/05 09:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

[2012/11/05 09:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync

[2012/11/05 09:00:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW

[2012/11/05 06:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com

[2012/11/04 17:52:55 | 000,687,724 | R--- | C] (Swearware) -- C:\Documents and Settings\Ian Harrop\Desktop\dds.com

[2012/11/04 17:10:45 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Ian Harrop\Desktop\mbam-clean-1.60.2.0003.exe

[2012/11/03 13:07:35 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ian Harrop\Desktop\mbam-setup-1.65.1.1000.exe

[2012/11/03 12:03:39 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/11/03 12:03:39 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/11/03 12:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2012/11/03 12:03:38 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/11/03 12:03:37 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/11/03 12:03:37 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/11/03 12:03:37 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/11/03 12:03:37 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/11/03 12:03:37 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/11/03 12:02:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/11/03 12:02:50 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/11/03 12:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/11/03 12:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/11/02 21:59:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\tasks\TaskDisabled

[2012/11/02 20:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2012/11/02 20:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell

[2012/11/02 20:36:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2012/11/02 20:36:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy

[2012/11/02 20:36:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2012/11/02 19:43:32 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe

[2012/11/02 19:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2

[2012/11/02 18:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7

[2012/11/02 18:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/11/02 18:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/11/02 18:32:46 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/11/02 18:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian Harrop\Start Menu\Programs\WinRAR

[2012/11/02 18:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

[2012/11/02 18:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2012/11/02 18:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/11/02 18:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\Sun

[2012/11/02 16:56:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM

[2012/11/02 15:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2012/11/02 15:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\Secunia PSI

[2012/11/02 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2012/11/02 15:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit

[2012/11/02 15:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian Harrop\Application Data\IObit

[2012/11/02 15:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 6

[2012/11/02 14:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2012/11/02 13:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 Z:\My Documents\*.tmp files -> Z:\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/07 04:58:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ian Harrop\Desktop\OTL.exe

[2012/11/07 04:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/06 22:00:13 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D1D3FC20-C354-4394-8505-E5CB989C962E}.job

[2012/11/06 21:59:18 | 000,559,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/11/06 21:59:18 | 000,110,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/11/06 21:56:35 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/11/06 21:56:29 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/11/06 21:54:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job

[2012/11/06 21:54:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/06 21:54:10 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat

[2012/11/06 21:53:50 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\driver.dat

[2012/11/06 16:22:52 | 004,997,881 | R--- | M] (Swearware) -- C:\Documents and Settings\Ian Harrop\Desktop\ComboFix.exe

[2012/11/06 10:51:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/11/05 22:00:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job

[2012/11/05 16:22:16 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\Ian Harrop\Desktop\Shortcut to Logs.lnk

[2012/11/05 16:18:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ian Harrop\Desktop\MBR.dat

[2012/11/05 15:23:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ian Harrop\Desktop\aswMBR.exe

[2012/11/05 11:08:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/05 10:53:54 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/11/05 09:01:48 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2012/11/05 06:15:36 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2012/11/04 19:43:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/11/04 17:53:01 | 000,687,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Ian Harrop\Desktop\dds.com

[2012/11/04 17:10:46 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Ian Harrop\Desktop\mbam-clean-1.60.2.0003.exe

[2012/11/03 13:07:50 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ian Harrop\Desktop\mbam-setup-1.65.1.1000.exe

[2012/11/03 12:03:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2012/11/03 12:01:13 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/11/03 11:40:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/11/03 11:39:40 | 097,495,576 | ---- | M] () -- C:\Documents and Settings\Ian Harrop\Desktop\avast_free_antivirus_setup.exe

[2012/11/02 15:31:07 | 000,007,060 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/10/30 15:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/10/30 15:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/10/30 15:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 Z:\My Documents\*.tmp files -> Z:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 16:22:16 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\Desktop\Shortcut to Logs.lnk

[2012/11/05 16:18:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\Desktop\MBR.dat

[2012/11/05 11:08:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/03 12:03:39 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2012/11/03 12:03:37 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/11/03 11:39:26 | 097,495,576 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\Desktop\avast_free_antivirus_setup.exe

[2012/11/02 20:15:24 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/11/02 20:09:20 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/11/02 19:43:58 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job

[2012/11/02 19:43:16 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job

[2012/11/02 19:42:02 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys

[2012/11/02 16:54:50 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb

[2012/11/02 15:41:42 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/02 15:33:07 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk

[2012/11/02 14:36:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/11/02 14:36:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012/11/02 13:46:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2012/01/10 07:21:26 | 000,013,282 | -HS- | C] () -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\20usa66ryf2054avxpn88ljicc1rb27fcx2h66t7q25wmj

[2012/01/10 07:21:26 | 000,013,282 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\20usa66ryf2054avxpn88ljicc1rb27fcx2h66t7q25wmj

[2012/01/06 08:07:04 | 000,010,138 | -HS- | C] () -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\33eupu63m545ai0wf5agn87x4j5h80804del3283n1jn73

[2012/01/06 08:07:04 | 000,010,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\33eupu63m545ai0wf5agn87x4j5h80804del3283n1jn73

[2011/09/04 21:19:33 | 000,090,624 | ---- | C] () -- C:\WINDOWS\VSUNINST.EXE

[2011/09/03 22:28:41 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2011/09/03 22:28:41 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll

[2011/08/29 23:01:39 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\jagex_runescape_preferences2.dat

[2011/08/29 22:59:40 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\jagex_runescape_preferences.dat

[2011/06/14 21:49:04 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/15 20:29:06 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\.recently-used.xbel

[2011/03/03 11:25:00 | 000,013,729 | ---- | C] () -- C:\WINDOWS\Galsmave.ini

[2011/02/16 13:49:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/02/16 13:49:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/02/16 13:49:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/02/16 13:49:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/02/16 13:49:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/01/28 21:28:08 | 000,000,305 | ---- | C] () -- C:\WINDOWS\EReg077.dat

[2011/01/27 18:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2011/01/15 13:19:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/12/30 19:26:13 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL

[2005/10/09 12:32:14 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\fusioncache.dat

[2005/09/26 08:18:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2004/11/02 11:27:22 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\default.pls

[2004/09/19 16:44:25 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004/09/08 16:42:13 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

========== ZeroAccess Check ==========

[2005/06/15 06:41:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/05 06:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com

[2011/02/08 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2012/11/03 12:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/02/15 19:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo

[2006/03/20 15:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2011/04/17 12:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core

[2011/04/17 12:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2011/02/15 19:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fun4IM

[2012/11/02 15:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2011/04/16 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games

[2011/07/20 12:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia

[2010/11/02 22:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL

[2011/07/19 20:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2009/03/10 15:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2007/06/22 10:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2012/11/02 13:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos

[2009/03/09 15:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft

[2012/11/02 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/02/09 20:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games

[2009/03/27 11:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/07/10 15:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/08/20 19:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

[2009/06/10 07:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/01/21 19:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado

[2010/10/28 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\.minecraft

[2011/02/05 19:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Ansys

[2010/10/24 00:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Armagetron

[2011/02/05 19:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Autodesk

[2004/12/17 22:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Azureus

[2011/07/17 17:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\com.socialbox.socialbox

[2010/07/10 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\DiskAid

[2011/01/21 20:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\GetRightToGo

[2011/03/15 20:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\gtk-2.0

[2012/11/02 19:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\IObit

[2010/07/09 14:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\iPodtoComputer

[2011/07/20 12:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Ludia

[2007/04/28 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\MusicIP

[2011/07/20 00:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Oberon Media

[2007/02/18 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\SSH

[2009/03/09 15:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Steinberg

[2012/01/14 11:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\TeamViewer

[2010/08/14 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Turbine

[2012/11/05 05:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\uTorrent

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB14007$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B85C37B

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 11/7/2012 4:59:14 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ian Harrop\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.21% Memory free

3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.38% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 19.71 Gb Free Space | 26.44% Space Free | Partition Type: NTFS

Drive E: | 592.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 534.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive Z: | 232.88 Gb Total Space | 136.72 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: AMD | User Name: Ian Harrop | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Classes\<extension>]

.scr [@ = AOEMViewScriptFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "c:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "c:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"36720:TCP" = 36720:TCP:*:Enabled:BT

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat" = C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"Z:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = Z:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"Z:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = Z:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)

"Z:\Program Files\Sony Interactive\Twisted Metal 2\TM2.EXE" = Z:\Program Files\Sony Interactive\Twisted Metal 2\TM2.EXE:*:Enabled:Twisted Metal 2

"Z:\Program Files\iTunes\iTunes.exe" = Z:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Valve\Steam\SteamApps\exedous\counter-strike source\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\exedous\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

"C:\Program Files\Valve\Steam\SteamApps\exedous\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\exedous\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()

"C:\WINDOWS\system32\svchost.exe" = C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0EFC334E-0BFE-4387-8E67-A0DAA54D998D}" = AutoRotation Premium

"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility

"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 21

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)

"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007

"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E1ECEEC-814C-4B53-9E08-9B1F2FA83434}" = Easy MP3 Sound Recorder 2.01

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer

"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English

"{581CE7EA-A30D-0000-1211-088635773309}" = 2WIRE Wireless LAN - USB Driver

"{5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020}" = Autodesk Data Management Server 2008

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6A6C087B-17F4-4A90-8542-85F0BFB58B16}" = SigmaTel MTPMSCN Audio Player

"{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit

"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install

"{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2008

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light

"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2

"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0

"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008

"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2

"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder

"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803

"1st Page 2000 2.00 Free" = 1st Page 2000 2.00 Free

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Advanced SystemCare 6_is1" = Advanced SystemCare 6

"All ATI Software" = ATI - Software Uninstall Utility

"AOEMView 2008" = AOEMView 2008

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"AutoCAD 2009 - English" = AutoCAD 2009 - English

"Autodesk Data Management Server 2008" = Autodesk Data Management Server 2008

"Autodesk Vault 2008" = Autodesk Vault 2008

"avast" = avast! Free Antivirus

"BootSkin" = BootSkin

"CCleaner" = CCleaner

"CutePDF Writer Installation" = CutePDF Writer 3.0

"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0

"filehippo.com" = FileHippo.com Update Checker

"Freez DVD Ripper_is1" = Freez DVD Ripper v1.5

"getPlus®_ocx" = getPlus®_ocx

"Guitar Pro 5_is1" = Guitar Pro 5.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InCD!UninstallKey" = InCD

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSN Music Assistant" = MSN Music Assistant

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"NeroVision!UninstallKey" = Nero Digital

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NMIX!UninstallKey" = NeroMIX

"NMPUninstallKey" = Nero Media Player

"NVEContent!UninstallKey" = NeroVision Express Content

"PremElem70" = Adobe Premiere Elements 7.0

"Secunia PSI" = Secunia PSI (3.0.0.4001)

"Smart Defrag 2_is1" = Smart Defrag 2

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1

"Speccy" = Speccy

"Starsiege TRIBES" = Starsiege TRIBES 1.8

"Syncrosoft License Control" = Syncrosoft License Control

"TeamViewer 7" = TeamViewer 7

"USB_AUDIO_DEusb-audio.deTascam" = US-122L / US-144 driver

"VLC media player" = VLC media player 2.0.4

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"WindowBlinds" = WindowBlinds

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"WM Converter" = WM Converter

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-1214440339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/2/2012 11:09:59 PM | Computer Name = AMD | Source = Microsoft Security Client | ID = 5000

Description =

Error - 11/3/2012 12:47:55 AM | Computer Name = AMD | Source = Microsoft Security Client | ID = 5000

Description =

Error - 11/3/2012 12:00:20 PM | Computer Name = AMD | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 11/3/2012 12:00:20 PM | Computer Name = AMD | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 11/3/2012 12:00:20 PM | Computer Name = AMD | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 11/3/2012 12:17:32 PM | Computer Name = AMD | Source = MPSampleSubmission | ID = 5000

Description =

Error - 11/3/2012 12:17:53 PM | Computer Name = AMD | Source = Microsoft Security Client | ID = 5000

Description =

Error - 11/3/2012 12:18:27 PM | Computer Name = AMD | Source = MPSampleSubmission | ID = 5000

Description =

Error - 11/3/2012 2:05:49 PM | Computer Name = AMD | Source = Microsoft Security Client | ID = 5000

Description =

Error - 11/4/2012 8:16:58 PM | Computer Name = AMD | Source = Autodesk Data Management Job Dispatch | ID = 0

Description = JobService.GetAllJobs() failure The operation has timed out

[ System Events ]

Error - 11/6/2012 1:48:03 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7000

Description = The Parallel port driver service failed to start due to the following

error: %%1058

Error - 11/6/2012 1:57:41 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 11/6/2012 2:00:10 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7000

Description = The Parallel port driver service failed to start due to the following

error: %%1058

Error - 11/6/2012 7:15:25 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 11/6/2012 7:18:35 PM | Computer Name = AMD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/6/2012 7:18:52 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 AmdPPM aswSnx aswSP aswTdi Fips magicpvt

Error - 11/6/2012 7:31:23 PM | Computer Name = AMD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/6/2012 7:33:46 PM | Computer Name = AMD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/7/2012 12:53:05 AM | Computer Name = AMD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/7/2012 12:55:45 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7000

Description = The Parallel port driver service failed to start due to the following

error: %%1058

< End of report >


Step 1

Please download AppRemover and save it on your desktop. Start the application and click Next and then select Clean Up a Failed Uninstall. Wait until AppRemover finishes scanning the computer and determines which security applications have elements installed. For some applications, AppRemover requires that you restart your computer to finish the uninstallation. If prompted, restart your computer before exiting AppRemover.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\cxwae.sys -- (cqjhffil)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\yhdbvk.sys -- (qdhcs)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\jfvd.sys -- (onksw)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7.tmp -- (MEMSWEEP2)
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS
    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-746137067-1214440339-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2012/01/10 07:21:26 | 000,013,282 | -HS- | C] () -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\20usa66ryf2054avxpn88ljicc1rb27fcx2h66t7q25wmj
    [2012/01/10 07:21:26 | 000,013,282 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\20usa66ryf2054avxpn88ljicc1rb27fcx2h66t7q25wmj
    [2012/01/06 08:07:04 | 000,010,138 | -HS- | C] () -- C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\33eupu63m545ai0wf5agn87x4j5h80804del3283n1jn73
    [2012/01/06 08:07:04 | 000,010,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\33eupu63m545ai0wf5agn87x4j5h80804del3283n1jn73
    [2011/01/21 19:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado
    [2011/04/16 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2004/12/17 22:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\Azureus
    [2012/11/05 05:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian Harrop\Application Data\uTorrent
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "36720:TCP" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\svchost.exe" =-
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


As Requested: Please note that during the re-boot the computer sat for over 30 minutes on the screen "Windows Is Shutting Down". As such I had to force a shut down and then re-started. Immediately on Restart OTL wanted to run and I allowed it. All OTL did was open this log file that is pasted below. I hope the forced shut down didn't interfere with anything.

All processes killed

========== OTL ==========

Service cqjhffil stopped successfully!

Service cqjhffil deleted successfully!

File System32\drivers\cxwae.sys not found.

Service qdhcs stopped successfully!

Service qdhcs deleted successfully!

File System32\drivers\yhdbvk.sys not found.

Service onksw stopped successfully!

Service onksw deleted successfully!

File System32\drivers\jfvd.sys not found.

Service MEMSWEEP2 stopped successfully!

Service MEMSWEEP2 deleted successfully!

File C:\WINDOWS\system32\7.tmp not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry value HKEY_USERS\S-1-5-21-746137067-1214440339-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\S-1-5-21-746137067-1214440339-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-21-746137067-1214440339-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_USERS\S-1-5-21-746137067-1214440339-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\20usa66ryf2054avxpn88ljicc1rb27fcx2h66t7q25wmj moved successfully.

C:\Documents and Settings\All Users\Application Data\20usa66ryf2054avxpn88ljicc1rb27fcx2h66t7q25wmj moved successfully.

C:\Documents and Settings\Ian Harrop\Local Settings\Application Data\33eupu63m545ai0wf5agn87x4j5h80804del3283n1jn73 moved successfully.

C:\Documents and Settings\All Users\Application Data\33eupu63m545ai0wf5agn87x4j5h80804del3283n1jn73 moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado\torrentcache folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado\piececache folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado\icons folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado\datacache folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\.BitTornado folder moved successfully.

C:\Documents and Settings\All Users\Application Data\iWin Games\opal folder moved successfully.

C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data folder moved successfully.

C:\Documents and Settings\All Users\Application Data\iWin Games\drm folder moved successfully.

C:\Documents and Settings\All Users\Application Data\iWin Games folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\torrents folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\tmp folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\shares folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\plugins folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\logs folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY_[bt-gm]_[EFNet]\CD4 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY_[bt-gm]_[EFNet]\CD3 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY_[bt-gm]_[EFNet]\CD2 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY_[bt-gm]_[EFNet]\CD1 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY_[bt-gm]_[EFNet] folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY\CD4 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY\CD3 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY\CD2 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY\CD1 folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads\Leisure_Suit_Larry_Magna_Cum_Laude-MONEY folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus\downloads folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\uTorrent\dlimagecache folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\uTorrent\apps folder moved successfully.

C:\Documents and Settings\Ian Harrop\Application Data\uTorrent folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\36720:TCP deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\svchost.exe deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Ian Harrop\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Ian Harrop\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 2836 bytes

User: Administrator.AMD

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 11506360 bytes

->Flash cache emptied: 41500 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 58264 bytes

User: Ian Harrop

->Temp folder emptied: 164214114 bytes

->Temporary Internet Files folder emptied: 53700994 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 17594110 bytes

->Flash cache emptied: 3150031 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 112454 bytes

User: NetworkService

->Temp folder emptied: 481810 bytes

->Temporary Internet Files folder emptied: 391061183 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 21926 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1138887 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 450091 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65188548 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes

RecycleBin emptied: 19283946 bytes

Total Files Cleaned = 694.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11072012_064150

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b00.dat not found!

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Sorry same result with Combofix as before.

As requested I downloaded a fresh copy and tried it in Normal mode.

When it failed as before I booted into Safe Mode, downloaded fresh copy of ComboFix and ran again ... failed exactly the same as before.


Run this scan in Normal mode:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7a64c42808c594db10ba43ce11f09f1

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-07 05:23:40

# local_time=2012-11-07 10:23:40 (-0700, Mountain Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776574 0 5 61411885 61411885 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=165151

# found=6

# cleaned=6

# scan_time=5835

C:\Documents and Settings\All Users\Documents\nero share\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar(2)\chrome\content\.#searchqutb.js.1.3.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar(2)\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar(2)\chrome\content\toolbar.htm.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar(2)\chrome\content\toolbar.xul.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Z:\My Documents\Downloads\alawaren_final_fortress\FinalFortress_13233.exe Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Farbar Service Scanner Version: 07-11-2012

Ran by Ian Harrop (administrator) on 08-11-2012 at 05:10:01

Running from "C:\Documents and Settings\Ian Harrop\Desktop"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x0A00000005000000010000000200000003000000040000000A00000009000000080000000600000007000000

IpSec Tag value is correct.

**** End of log ****


I am not going to be able to work on the computer that has problems for the next few days. As such, when you post your next set of instructions please expect that it will be Tuesday before I can respond. I will respond as soon as I am able. Thanks for your efforts on this, it's much appreciated.
