Root kit problem

[Gemma]

Hi there,

My pc has been running slow for several weeks now and I have run scans with malwarebytes & my antivirus software but found nothing. I recently upgraded sypbot search & destroy and ran the rootkit scan. It found something in two video files I got from a friend's portable harddrive so I deleted the files. I had opened one of the files to watch about a month ago. Last night when I shut down google chrome there was a pop window open with a link to some sex website. So I ran spybot's rootkit scan again and found this:

Type: Value

Object: 齈웰行令ᖐ哘

Location: HKLM\SYSTEM\ControlSet003\Control\Session Manager\

Details: Invisible to Win32

I have downloaded dds. Attached are the two files. If someone could help me out that would be appreciated.

Gemma

dds.txt

attach.txt

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)

[Gemma]

Ok, I downloaded the software and double clicked to open. It seemed to start scanning straight away and then the opened window disappeared and a file called "RK_Quarantine" appeared on my desktop. Nothing seemed to be happening so I opened Google chrome and went back to the link above to read through your instructions again. When I returned to my desktop the RogueKiller file had disappeared! I tried to download it again and it said I had insufficient rights. I tried again by opening it in a different window and I got it to work.

Here is the report:

RogueKiller V8.4.0 [Dec 15 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Gemma [Admin rights]

Mode : Scan -- Date : 12/17/2012 19:45:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (200.76.23.165:80) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DA060)

SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DABCA)

SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DDABA)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DC346)

SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DB894)

SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DCA3E)

SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAE20)

SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAED6)

SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DB1BE)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D99D0)

SSDT[66] : NtDeviceIoControlFile @ 0x80579268 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DCBAE)

SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E0F48)

SSDT[84] : NtFsControlFile @ 0x8057929C -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DCE66)

SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DA4D6)

SSDT[105] : NtMakeTemporaryObject @ 0x805BC5DC -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD862)

SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DB68C)

SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E09A0)

SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAF90)

SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E0C50)

SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9EE4)

SSDT[180] : NtQueueApcThread @ 0x805D2756 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DACF2)

SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD6B0)

SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DC4B4)

SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DBE48)

SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD73A)

SSDT[210] : NtSecureConnectPort @ 0x805A3D6C -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DC8CE)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9B40)

SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD60A)

SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DA6D0)

SSDT[249] : NtShutdownSystem @ 0x80612FAE -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD7CC)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9DBC)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9C96)

SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DAAFC)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E0898)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34E113A)

SSDT[262] : NtUnloadDriver @ 0x80584306 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34DD8F8)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9854)

S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D943C)

S_SSDT[322] : NtUserCallNoParam -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9644)

S_SSDT[323] : NtUserCallOneParam -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D9596)

S_SSDT[347] : NtUserDdeSetQualityOfService -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D93A2)

S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D933E)

S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D91D0)

S_SSDT[416] : NtUserGetKeyState -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D916C)

S_SSDT[460] : NtUserMessageCall -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8E76)

S_SSDT[475] : NtUserPostMessage -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8C7C)

S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8CFC)

S_SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8EFE)

S_SSDT[502] : NtUserSendInput -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D8C2A)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D827C)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (\??\H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys @ 0xB34D870A)

¤¤¤ HOSTS File: ¤¤¤

--> H:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++

--- User ---

[MBR] 1c16ffd9dacf72be06542c7b354713d1

[bSP] 68c87b7ffe18b9f0a2c898443aca5d42 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EARS-00MVWB0 +++++

--- User ---

[MBR] 587c5cf1103601afa846cf3d5d548844

[bSP] f68e70e5f757c1f796d4abd4b4f885cc : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953866 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12172012_02d1945.txt >>

RKreport[1]_S_12172012_02d1945.txt

[MrCharlie]

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  
• Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

[Gemma]

07:43:49.0000 2960 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

07:43:51.0015 2960 ============================================================

07:43:51.0015 2960 Current date / time: 2012/12/18 07:43:51.0015

07:43:51.0015 2960 SystemInfo:

07:43:51.0015 2960

07:43:51.0015 2960 OS Version: 5.1.2600 ServicePack: 3.0

07:43:51.0015 2960 Product type: Workstation

07:43:51.0015 2960 ComputerName: TONKA

07:43:51.0015 2960 UserName: Gemma

07:43:51.0015 2960 Windows directory: H:\WINDOWS

07:43:51.0015 2960 System windows directory: H:\WINDOWS

07:43:51.0015 2960 Processor architecture: Intel x86

07:43:51.0015 2960 Number of processors: 4

07:43:51.0015 2960 Page size: 0x1000

07:43:51.0015 2960 Boot type: Normal boot

07:43:51.0015 2960 ============================================================

07:43:53.0031 2960 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

07:43:53.0031 2960 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

07:43:53.0093 2960 ============================================================

07:43:53.0093 2960 \Device\Harddisk0\DR0:

07:43:53.0093 2960 MBR partitions:

07:43:53.0093 2960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

07:43:53.0093 2960 \Device\Harddisk1\DR1:

07:43:53.0093 2960 MBR partitions:

07:43:53.0093 2960 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747055D1

07:43:53.0093 2960 ============================================================

07:43:53.0125 2960 H: <-> \Device\Harddisk0\DR0\Partition1

07:43:53.0156 2960 M: <-> \Device\Harddisk1\DR1\Partition1

07:43:53.0156 2960 ============================================================

07:43:53.0156 2960 Initialize success

07:43:53.0156 2960 ============================================================

07:44:56.0828 1716 Deinitialize success

TDSSKiller.2.8.15.0_18.12.2012_07.47.42_log.txt

[MrCharlie]

Looks like that was clean..........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Gemma]

Ok, here it is below. Also, I think when I had problems downloading RogueKiller the other day it was because Bitdefender thought it was an infected file.

ComboFix 12-12-17.02 - Gemma 18/12/2012 22:04:54.2.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2485 [GMT 11:00]

Running from: h:\documents and settings\Gemma\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

h:\documents and settings\All Users\Application Data\1341315430.bdinstall.bin

h:\documents and settings\All Users\Application Data\1346892345.bdinstall.bin

h:\documents and settings\All Users\Application Data\1346892754.bdinstall.bin

h:\documents and settings\Gemma\Application Data\HPSU_48BitScanUpdate.log

h:\windows\system32\SET4D.tmp

h:\windows\system32\SET50.tmp

h:\windows\system32\SET54.tmp

h:\windows\system32\SET55.tmp

h:\windows\system32\SET5C.tmp

h:\windows\system32\SET5E.tmp

h:\windows\system32\URTTemp

h:\windows\system32\URTTemp\regtlib.exe

h:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))

.

.

2012-12-17 21:10 . 2012-12-17 21:10 -------- d-----w- h:\program files\iPod

2012-12-17 21:10 . 2012-12-17 21:10 -------- d-----w- h:\program files\iTunes

2012-12-17 21:10 . 2012-12-17 21:10 -------- d-----w- h:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-16 08:37 . 2012-12-16 08:37 -------- d-----w- h:\documents and settings\Gemma\Application Data\DDMSettings

2012-12-03 11:17 . 2012-12-03 11:17 -------- d-----w- h:\documents and settings\Administrator\Local Settings\Application Data\Google

2012-12-03 11:10 . 2012-12-03 11:10 -------- d-----w- h:\documents and settings\Administrator\Application Data\Bitdefender

2012-12-03 10:59 . 2012-12-03 10:59 -------- d-----w- h:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2012-12-03 09:49 . 2012-12-03 09:49 -------- d-----w- h:\documents and settings\Administrator\Application Data\Malwarebytes

2012-12-01 07:57 . 2012-12-03 11:16 -------- d-----w- H:\Other Videos

2012-11-25 03:18 . 2009-01-25 01:14 15224 ----a-w- h:\windows\system32\sdnclean.exe

2012-11-25 03:17 . 2012-11-25 03:18 -------- d-----w- h:\program files\Spybot - Search & Destroy 2

2012-11-25 03:10 . 2012-12-16 08:25 -------- d-----w- h:\program files\CCleaner

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 06:53 . 2012-04-08 10:09 73656 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 06:53 . 2012-04-08 10:09 697272 ----a-w- h:\windows\system32\FlashPlayerApp.exe

2012-12-11 08:00 . 2012-09-06 00:56 242504 ----a-w- h:\windows\system32\drivers\avchv.sys

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- h:\windows\system32\DivXControlPanelApplet.cpl

2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- h:\windows\system32\win32k.sys

2012-11-13 00:21 . 2012-09-06 00:52 343456 ----a-w- h:\windows\system32\drivers\trufos.sys

2012-11-06 00:41 . 2004-08-04 12:00 290560 ----a-w- h:\windows\system32\atmfd.dll

2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- h:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- h:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- h:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-08-04 12:00 1469440 ----a-w- h:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- h:\windows\system32\html.iec

2012-10-26 08:30 . 2012-10-26 08:30 622616 ----a-w- h:\windows\system32\drivers\avc3.sys

2012-10-26 08:28 . 2012-09-06 00:56 481464 ----a-w- h:\windows\system32\drivers\avckf.sys

2012-10-26 08:28 . 2012-09-06 00:56 66392 ----a-w- h:\windows\system32\drivers\bdsandbox.sys

2012-10-24 16:12 . 2012-10-24 16:12 94208 ----a-w- h:\windows\system32\QuickTimeVR.qtx

2012-10-24 16:12 . 2012-10-24 16:12 69632 ----a-w- h:\windows\system32\QuickTime.qts

2012-10-12 08:42 . 2012-10-12 08:42 249856 ------w- h:\windows\Setup1.exe

2012-10-12 08:42 . 2012-10-12 08:42 73216 ----a-w- h:\windows\ST6UNST.EXE

2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- h:\windows\system32\synceng.dll

2012-10-01 04:24 . 2012-09-06 00:52 161312 ----a-w- h:\windows\system32\drivers\gzflt.sys

2012-09-29 08:54 . 2012-11-09 10:39 22856 ----a-w- h:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-06-11 06:22 1307728 ----a-w- h:\program files\Microsoft\BingBar\7.1.391.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2012-11-13 00:21 240920 ----a-w- h:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FileHippo.com"="h:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]

"HP Photosmart 6510 series (NET)"="h:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]

"Spybot-S&D Cleaning"="h:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-02 18085888]

"AppleSyncNotifier"="h:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]

"APSDaemon"="h:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"Bdagent"="h:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-12-01 1613368]

"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2012-08-30 108392]

"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2012-08-30 15512424]

"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]

"SDTray"="h:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

"DivXMediaServer"="h:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="h:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

h:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Image Zone Fast Start.lnk - h:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"h:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"h:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=

"h:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=

"h:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=

"h:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=

"h:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"h:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 avc3;avc3;h:\windows\system32\drivers\avc3.sys [26/10/2012 7:30 PM 622616]

R0 gzflt;gzflt;h:\windows\system32\drivers\gzflt.sys [6/09/2012 11:52 AM 161312]

R1 BDVEDISK;BDVEDISK;h:\windows\system32\drivers\bdvedisk.sys [6/09/2012 11:56 AM 72704]

R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 3:27 AM 12880]

R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 8:55 AM 67664]

R2 !SASCORE;SAS Core Service;h:\program files\SUPERAntiSpyware\SASCore.exe [12/07/2012 5:54 AM 116608]

R2 MBAMScheduler;MBAMScheduler;h:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 9:39 PM 399432]

R2 SafeBox;SafeBox;h:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [6/09/2012 11:56 AM 82824]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;h:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [25/11/2012 2:18 PM 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;h:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [25/11/2012 2:18 PM 1369624]

R2 UPDATESRV;Bitdefender Desktop Update Service;h:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [6/09/2012 11:56 AM 55544]

R3 avchv;avchv Function Driver;h:\windows\system32\drivers\avchv.sys [6/09/2012 11:56 AM 242504]

R3 BBUpdate;BBUpdate;h:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [11/06/2012 5:22 PM 240208]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;h:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [6/09/2012 11:56 AM 116248]

S2 BBSvc;BingBar Service;h:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [11/06/2012 5:22 PM 193616]

S2 MBAMService;MBAMService;h:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/11/2012 9:39 PM 676936]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;h:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [25/11/2012 2:18 PM 168384]

S3 avckf;avckf;h:\windows\system32\drivers\avckf.sys [6/09/2012 11:56 AM 481464]

S3 BDSandBox;BDSandBox;h:\windows\system32\drivers\bdsandbox.sys [6/09/2012 11:56 AM 66392]

S3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [9/11/2012 9:39 PM 22856]

S3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]

S4 BdDesktopParental;Bitdefender Desktop Parental Control;h:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [6/09/2012 11:56 AM 59152]

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-18 h:\windows\Tasks\Adobe Flash Player Updater.job

- h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 06:53]

.

2012-05-30 h:\windows\Tasks\AppleSoftwareUpdate.job

- h:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 07:57]

.

2012-11-10 h:\windows\Tasks\At1.job

- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]

.

2012-12-16 h:\windows\Tasks\At2.job

- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]

.

2012-12-16 h:\windows\Tasks\At3.job

- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]

.

2012-11-26 h:\windows\Tasks\At4.job

- h:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 01:01]

.

2012-12-18 h:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- h:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-25 03:08]

.

2012-12-01 h:\windows\Tasks\Disk Cleanup.job

- h:\windows\system32\cleanmgr.exe [2004-08-04 00:12]

.

2012-11-26 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004Core.job

- h:\documents and settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 10:57]

.

2012-12-17 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004UA.job

- h:\documents and settings\Gemma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 10:57]

.

2012-11-26 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005Core.job

- h:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 04:56]

.

2012-12-17 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005UA.job

- h:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-25 04:56]

.

2012-12-18 h:\windows\Tasks\HP Photo Creations Messager.job

- h:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-12-16 h:\windows\Tasks\Malwarebytes' Anti-Malware.job

- h:\progra~1\MALWAR~1\mbam.exe [2012-11-09 08:54]

.

2012-11-25 h:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- h:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-25 03:07]

.

2012-11-25 h:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- h:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-25 03:07]

.

2012-03-19 h:\windows\Tasks\shutdown.job

- h:\windows\system32\shutdown.exe [2004-08-04 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = 200.76.23.165:80

IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.1.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-18364662.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-18 22:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35FF3DB5-B1F9-448B-3FC7-6CED177A7C9C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oagpihefnphanpfngepnpkplhbkhlj"=hex:64,61,67,6e,69,6e,62,61,00,84

"oakolcohlajajeehcenikdpffabegp"=hex:6a,61,6c,6e,70,6c,66,64,6e,68,6b,67,67,6d,

69,68,69,70,67,68,00,02

"naibbchnamilgnjlfiodjaoenkna"=hex:6a,61,67,6e,6e,6e,6c,63,61,69,62,67,6d,6c,

64,70,68,70,6e,69,00,02

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2012-12-18 22:26:12

ComboFix-quarantined-files.txt 2012-12-18 11:26

ComboFix2.txt 2011-11-20 04:18

.

Pre-Run: 387,294,380,032 bytes free

Post-Run: 387,721,732,096 bytes free

.

- - End Of File - - C9D8FB8810D04FE0CD90D57288070B81

[MrCharlie]

Please create a new system restore point before running Malwarebytes Anti-Rootkit.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

[Gemma]

Hi MrC

It took me 4 goes to get MBar to work (ended up having to run it in safemode first time) as I think Bitdefender, MBam or SpyBot were interfering with it and kept making my pc freeze during the scan. Once run twice it found nothing though! I have attached the logs.

I am still experiencing problems on start up (black screen/freeze) when Windows is booting up or screen freezes when loading my user screen and I have to reboot 2 times on average to get it to work. There are several error messages in my system event logs, with entries from 19/11/12 onwards. The first few I don't understand but the more recent ones relate to Spybot update failing on start up (I think) so maybe this is part of my problem. I will try uninstalling it and see if I still have problems. It may be best to just reinstall the OS over the christmas break if it continues.

Thanks heaps for your help. I really appreciate it.

Cheers,

Gemma

mbar-log-2012-12-19 (19-28-05).txt

mbar-log-2012-12-19 (19-49-31).txt

system-log.txt

[MrCharlie]

For now please uninstall Spybot and SUPERAntiSpyware > reboot and ..........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

[Gemma]

Ok, I uninstalled Spybot & SuperAntiSpyware and rebooted. On reboot prior to my user desktop appearing, a new hardware wizard box appeared asking me where I wanted to search for install software, I had to select from local (recommended) or disc so I picked local then a box appeared to select cancel so I did. My pc then loaded my user desktop as normal...

OTL logfile created on: 20/12/2012 7:58:07 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Gemma\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.18% Memory free

5.09 Gb Paging File | 4.26 Gb Available in Paging File | 83.76% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive H: | 465.75 Gb Total Space | 360.21 Gb Free Space | 77.34% Space Free | Partition Type: NTFS

Drive M: | 931.51 Gb Total Space | 19.98 Gb Free Space | 2.14% Space Free | Partition Type: NTFS

Computer Name: TONKA | User Name: Gemma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 07:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe

PRC - [2012/12/11 19:01:49 | 001,343,032 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

PRC - [2012/12/11 19:00:41 | 000,055,544 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

PRC - [2012/12/11 19:00:31 | 001,613,368 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

PRC - [2012/12/05 12:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2012/12/04 02:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/11/30 13:06:58 | 001,263,512 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2012/11/13 11:21:55 | 000,309,424 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe

PRC - [2012/11/13 11:21:50 | 000,082,824 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- H:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE

PRC - [2011/09/16 12:08:18 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- H:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe

PRC - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

PRC - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- H:\WINDOWS\system32\HPZipm12.exe

PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- H:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/19 06:52:47 | 000,521,728 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpdsp.mdl

MOD - [2012/12/19 06:52:46 | 001,959,936 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpph.mdl

MOD - [2012/12/19 06:52:45 | 000,967,680 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttprbl.mdl

MOD - [2012/12/19 06:52:44 | 000,644,096 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpbr.mdl

MOD - [2012/12/11 19:01:50 | 000,003,072 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\ui\accessl.ui

MOD - [2012/12/11 19:01:39 | 000,099,304 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\imsecurityal.dll

MOD - [2012/12/11 19:01:37 | 000,004,608 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\ui\imsecurityal.ui

MOD - [2012/12/11 19:00:28 | 000,092,600 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll

MOD - [2012/12/11 18:58:18 | 000,203,840 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll

MOD - [2012/12/05 12:15:15 | 000,460,904 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll

MOD - [2012/12/05 12:15:14 | 004,008,040 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll

MOD - [2012/12/05 12:14:29 | 000,587,880 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\libglesv2.dll

MOD - [2012/12/05 12:14:28 | 000,124,520 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\libegl.dll

MOD - [2012/12/05 12:14:21 | 000,157,304 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avutil-51.dll

MOD - [2012/12/05 12:14:20 | 000,275,576 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avformat-54.dll

MOD - [2012/12/05 12:14:19 | 002,168,952 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll

MOD - [2012/12/04 02:40:50 | 000,357,224 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nvShell.dll

MOD - [2012/11/30 13:07:48 | 000,100,248 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2012/11/30 13:06:58 | 001,263,512 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2012/11/18 11:55:37 | 000,627,200 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll

MOD - [2012/11/18 11:55:23 | 000,627,712 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll

MOD - [2012/11/18 11:54:22 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll

MOD - [2012/11/18 11:51:16 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll

MOD - [2012/11/18 11:51:11 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll

MOD - [2012/11/18 11:50:59 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll

MOD - [2012/11/18 11:50:47 | 006,616,576 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll

MOD - [2012/11/18 11:49:58 | 007,977,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll

MOD - [2012/11/18 11:49:52 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll

MOD - [2012/11/18 11:49:01 | 002,933,248 | ---- | M] () -- H:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2012/11/18 11:48:47 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2012/11/18 11:48:45 | 000,261,632 | ---- | M] () -- H:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2012/11/18 11:28:19 | 003,391,488 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_63d9324c\mscorlib.dll

MOD - [2012/11/18 11:28:17 | 000,843,776 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_66a01e83\system.drawing.dll

MOD - [2012/11/18 11:28:13 | 002,088,960 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b5ca47f3\system.xml.dll

MOD - [2012/11/18 11:28:10 | 003,035,136 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_02546ef7\system.windows.forms.dll

MOD - [2012/11/18 11:28:03 | 001,966,080 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f0478446\system.dll

MOD - [2012/11/18 11:27:57 | 002,064,384 | ---- | M] () -- h:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2012/11/18 11:27:55 | 001,232,896 | ---- | M] () -- h:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2012/11/13 11:21:48 | 000,918,696 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll

MOD - [2012/11/13 11:20:59 | 000,394,408 | ---- | M] () -- \\?\H:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll

MOD - [2012/06/16 08:58:14 | 000,471,040 | ---- | M] () -- h:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

MOD - [2012/03/11 15:55:40 | 000,088,656 | ---- | M] () -- H:\WINDOWS\system32\cpwmon2k.dll

MOD - [2011/11/14 21:17:06 | 000,132,176 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll

MOD - [2011/10/03 19:26:03 | 001,339,392 | ---- | M] () -- h:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2011/09/25 13:55:15 | 000,774,144 | ---- | M] () -- h:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll

MOD - [2011/09/18 17:10:18 | 000,065,536 | ---- | M] () -- h:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll

MOD - [2011/09/18 17:10:13 | 000,380,928 | ---- | M] () -- h:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll

MOD - [2011/09/18 17:10:02 | 001,032,192 | ---- | M] () -- h:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll

MOD - [2011/09/18 17:10:02 | 000,004,096 | ---- | M] () -- h:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll

MOD - [2011/09/18 17:10:01 | 000,163,840 | ---- | M] () -- h:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll

MOD - [2011/09/18 17:10:00 | 000,053,248 | ---- | M] () -- h:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll

MOD - [2011/09/18 17:09:59 | 000,512,000 | ---- | M] () -- h:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll

MOD - [2011/09/18 17:09:59 | 000,015,360 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll

MOD - [2011/09/18 17:09:59 | 000,010,752 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll

MOD - [2011/09/18 17:09:58 | 000,364,544 | ---- | M] () -- h:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll

MOD - [2011/09/18 17:09:58 | 000,188,416 | ---- | M] () -- h:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll

MOD - [2011/09/18 17:09:58 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll

MOD - [2011/09/18 17:09:58 | 000,057,344 | ---- | M] () -- h:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll

MOD - [2011/09/18 17:09:58 | 000,045,056 | ---- | M] () -- h:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll

MOD - [2011/09/18 17:09:58 | 000,036,864 | ---- | M] () -- h:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll

MOD - [2011/09/18 17:09:58 | 000,020,480 | ---- | M] () -- h:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll

MOD - [2011/09/18 17:09:57 | 000,589,824 | ---- | M] () -- h:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll

MOD - [2011/09/18 17:09:57 | 000,024,576 | ---- | M] () -- h:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll

MOD - [2011/09/18 17:08:16 | 000,065,536 | ---- | M] () -- h:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll

MOD - [2011/09/18 17:08:16 | 000,057,344 | ---- | M] () -- h:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll

MOD - [2011/09/18 17:08:15 | 000,430,080 | ---- | M] () -- h:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll

MOD - [2011/09/18 17:08:15 | 000,090,112 | ---- | M] () -- h:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll

MOD - [2011/09/18 17:08:15 | 000,086,016 | ---- | M] () -- h:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll

MOD - [2011/09/18 17:08:15 | 000,077,824 | ---- | M] () -- h:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll

MOD - [2011/09/18 17:08:15 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll

MOD - [2011/09/18 17:08:15 | 000,040,960 | ---- | M] () -- h:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll

MOD - [2011/09/18 17:08:14 | 000,225,280 | ---- | M] () -- h:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll

MOD - [2011/09/18 17:08:14 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll

MOD - [2011/09/18 17:08:14 | 000,036,864 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll

MOD - [2011/09/18 17:06:04 | 000,007,680 | ---- | M] () -- h:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

MOD - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

MOD - [2009/07/23 18:23:48 | 000,436,768 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll

MOD - [2009/07/23 18:23:08 | 000,068,128 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/12/16 17:53:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/11 19:01:49 | 001,343,032 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)

SRV - [2012/12/11 19:00:41 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)

SRV - [2012/12/11 18:58:00 | 000,061,736 | ---- | M] (Bitdefender) [Disabled | Stopped] -- H:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)

SRV - [2012/12/04 02:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/11/13 11:21:50 | 000,082,824 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- H:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- H:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)

SRV - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)

SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Gemma\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)

DRV - [2012/12/19 19:37:43 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2012/12/11 19:00:56 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avchv.sys -- (avchv)

DRV - [2012/11/13 11:21:14 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\trufos.sys -- (trufos)

DRV - [2012/10/26 19:30:02 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avc3.sys -- (avc3)

DRV - [2012/10/26 19:28:52 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)

DRV - [2012/10/26 19:28:24 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avckf.sys -- (avckf)

DRV - [2012/10/26 19:28:21 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)

DRV - [2012/10/01 15:24:16 | 000,161,312 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/07/06 16:13:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- H:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)

DRV - [2012/04/17 15:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)

DRV - [2011/11/14 21:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- H:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)

DRV - [2009/07/01 12:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2009/07/01 12:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:windows update [binary data]

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 200.76.23.165:80

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: H:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: H:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: H:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/16 19:33:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: H:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/09/06 11:56:29 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\ABR\Plug-In\bin\npAUSkeyPlugin.dll

CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: CSI Mozilla Plugin (Enabled) = H:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Disabled) = H:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - Extension: YouTube = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/19 06:18:11 | 000,444,027 | R--- | M]) - H:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15277 more lines...

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - H:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.

O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.

O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - H:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bdagent] H:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)

O4 - HKLM..\Run: [DivXMediaServer] H:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()

O4 - HKLM..\Run: [DivXUpdate] H:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004..\Run: [FileHippo.com] H:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)

O4 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004..\Run: [HP Photosmart 6510 series (NET)] H:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353196746656 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348748221718 (MUWebControl Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D9776FA-00BD-402A-9319-AAA9F5A244A1}: DhcpNameServer = 10.1.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 07:56:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe

[2012/12/19 21:57:02 | 000,000,000 | ---D | C] -- H:\Program Files\AGEIA Technologies

[2012/12/19 18:11:19 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Desktop\mbar

[2012/12/18 23:44:40 | 000,000,000 | RH-D | C] -- H:\Documents and Settings\Gemma\Recent

[2012/12/18 22:31:59 | 000,000,000 | -HSD | C] -- H:\RECYCLER

[2012/12/18 22:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe

[2012/12/18 22:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe

[2012/12/18 22:02:45 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe

[2012/12/18 22:02:45 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe

[2012/12/18 22:02:35 | 000,000,000 | ---D | C] -- H:\Qoobox

[2012/12/18 21:54:15 | 005,012,571 | R--- | C] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\ComboFix.exe

[2012/12/18 21:47:17 | 000,000,000 | ---D | C] -- M:\Gemma's Stuff\ProcAlyzer Dumps

[2012/12/18 08:11:05 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/12/18 08:10:32 | 000,000,000 | ---D | C] -- H:\Program Files\iPod

[2012/12/18 08:10:26 | 000,000,000 | ---D | C] -- H:\Program Files\iTunes

[2012/12/18 08:10:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/12/17 19:31:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Desktop\RK_Quarantine

[2012/12/17 10:28:21 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\dds.com

[2012/12/16 19:37:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Application Data\DDMSettings

[2012/12/16 19:25:35 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2012/12/01 18:57:25 | 000,000,000 | ---D | C] -- H:\Other Videos

[2012/11/25 14:17:54 | 000,000,000 | ---D | C] -- H:\Program Files\Spybot - Search & Destroy 2

[2012/11/25 14:10:49 | 000,000,000 | ---D | C] -- H:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012/12/20 08:01:00 | 000,000,332 | ---- | M] () -- H:\WINDOWS\tasks\HP Photo Creations Messager.job

[2012/12/20 07:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe

[2012/12/20 07:56:37 | 000,484,544 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat

[2012/12/20 07:56:37 | 000,080,814 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat

[2012/12/20 07:53:15 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/12/20 07:52:07 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2012/12/19 21:55:28 | 001,070,792 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb1.bin

[2012/12/19 21:55:28 | 000,000,001 | ---- | M] () -- H:\WINDOWS\System32\nvdrssel.bin

[2012/12/19 21:55:24 | 001,070,792 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb0.bin

[2012/12/19 21:27:52 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2012/12/19 21:27:00 | 000,000,978 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004UA.job

[2012/12/19 21:26:00 | 000,000,994 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005UA.job

[2012/12/19 20:40:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At2.job

[2012/12/19 19:37:43 | 000,035,144 | ---- | M] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/12/19 18:10:55 | 013,485,902 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\mbar-1.01.0.1011.zip

[2012/12/19 06:18:11 | 000,444,027 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts

[2012/12/19 06:15:44 | 000,444,027 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121219-061811.backup

[2012/12/18 22:43:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At3.job

[2012/12/18 22:14:59 | 000,000,027 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121219-061544.backup

[2012/12/18 21:55:06 | 005,012,571 | R--- | M] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\ComboFix.exe

[2012/12/18 21:47:12 | 000,000,360 | RHS- | M] () -- H:\boot.ini

[2012/12/18 08:11:05 | 000,001,542 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/12/17 19:20:43 | 000,148,400 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/17 10:28:23 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\dds.com

[2012/12/16 19:33:29 | 000,001,371 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\DivX Movies.lnk

[2012/12/16 19:33:17 | 000,000,777 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk

[2012/12/16 19:33:05 | 000,000,817 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk

[2012/12/16 19:29:52 | 000,002,262 | ---- | M] () -- H:\Documents and Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/12/16 19:29:51 | 000,002,284 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\Google Chrome.lnk

[2012/12/16 19:25:57 | 000,001,632 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\Update Checker.lnk

[2012/12/16 19:25:35 | 000,000,682 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/12/16 19:00:00 | 000,000,256 | ---- | M] () -- H:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job

[2012/12/11 19:00:56 | 000,242,504 | ---- | M] (BitDefender) -- H:\WINDOWS\System32\drivers\avchv.sys

[2012/12/04 02:40:50 | 002,283,884 | ---- | M] () -- H:\WINDOWS\System32\nvdata.data

[2012/12/04 02:40:50 | 000,012,951 | ---- | M] () -- H:\WINDOWS\System32\nvinfo.pb

[2012/12/03 22:24:42 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat

[2012/12/01 19:00:10 | 000,000,260 | ---- | M] () -- H:\WINDOWS\tasks\Disk Cleanup.job

[2012/11/26 16:27:01 | 000,000,926 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004Core.job

[2012/11/26 14:26:00 | 000,000,942 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005Core.job

[2012/11/26 14:00:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At4.job

[2012/11/25 22:14:21 | 000,000,164 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_221416.reg

[2012/11/25 22:14:00 | 000,000,830 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_221338.reg

[2012/11/25 22:13:21 | 000,213,628 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_220713.reg

[2012/11/25 16:35:44 | 000,444,088 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121126-153422.backup

[2012/11/25 16:35:18 | 000,444,088 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121125-163544.backup

========== Files Created - No Company Name ==========

[2012/12/19 19:37:43 | 000,035,144 | ---- | C] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/12/19 07:36:31 | 013,485,902 | ---- | C] () -- H:\Documents and Settings\Gemma\Desktop\mbar-1.01.0.1011.zip

[2012/12/18 22:02:45 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe

[2012/12/18 22:02:45 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe

[2012/12/18 22:02:45 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe

[2012/12/18 22:02:45 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe

[2012/12/18 22:02:45 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe

[2012/12/18 08:11:05 | 000,001,542 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/11/25 22:14:18 | 000,000,164 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_221416.reg

[2012/11/25 22:13:42 | 000,000,830 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_221338.reg

[2012/11/25 22:07:22 | 000,213,628 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_220713.reg

[2012/11/25 14:10:50 | 000,000,682 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2012/11/12 13:44:51 | 000,000,385 | ---- | C] () -- H:\Documents and Settings\Gemma\Application Datauser_gensett.xml

[2012/09/16 17:22:52 | 002,283,884 | ---- | C] () -- H:\WINDOWS\System32\nvdata.data

[2012/09/06 23:41:13 | 000,000,057 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\Ament.ini

[2012/03/18 18:19:36 | 000,047,104 | ---- | C] () -- H:\WINDOWS\AKDeInstall.exe

[2012/02/15 18:11:47 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll

[2011/11/13 20:02:09 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat

[2011/09/25 15:59:19 | 000,000,214 | ---- | C] () -- H:\WINDOWS\HP_InstantSHareJPG.ini

[2011/09/25 13:55:13 | 000,000,217 | ---- | C] () -- H:\WINDOWS\HP_IZClosingDiscErrorPatch.ini

[2011/09/25 12:58:08 | 000,000,227 | ---- | C] () -- H:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2011/09/19 09:20:28 | 000,000,128 | ---- | C] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\fusioncache.dat

[2011/04/09 13:05:17 | 000,000,695 | ---- | C] () -- H:\WINDOWS\MYOBP.INI

[2011/04/09 13:05:17 | 000,000,057 | ---- | C] () -- H:\WINDOWS\MYOB.INI

[2011/04/09 12:16:48 | 000,000,663 | ---- | C] () -- H:\WINDOWS\openrda.ini

[2011/04/09 12:16:38 | 000,000,000 | ---- | C] () -- H:\WINDOWS\drvxl32.INI

[2011/04/09 12:16:34 | 000,000,000 | ---- | C] () -- H:\WINDOWS\drvwd32.INI

[2011/03/15 18:39:22 | 000,000,214 | ---- | C] () -- H:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2010/08/08 23:35:00 | 000,079,872 | ---- | C] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/04/09 12:11:25 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/17 03:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 22:10:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator\Application Data\Bitdefender

[2012/12/18 08:10:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/07/03 22:43:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\BDLogging

[2012/09/06 11:58:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Bitdefender

[2011/10/15 18:37:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\CheckPoint

[2010/08/08 18:10:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Kaspersky SDK

[2010/09/12 09:31:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2010/09/12 09:34:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Suite

[2010/08/08 22:31:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/07/11 17:43:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}

[2012/10/01 15:21:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\Bitdefender

[2010/09/20 14:06:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\CheckPoint

[2010/09/20 14:06:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\MailFrontier

[2012/11/19 17:26:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\AUSkey

[2012/09/06 22:11:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\Bitdefender

[2010/08/08 18:01:39 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\CheckPoint

[2012/12/16 19:37:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\DDMSettings

[2012/01/31 20:21:53 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\Image Zone Express

[2011/07/11 15:55:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\MailFrontier

[2010/09/12 09:34:45 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\PC Suite

[2012/07/03 22:38:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\QuickScan

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 20/12/2012 7:58:07 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Gemma\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.18% Memory free

5.09 Gb Paging File | 4.26 Gb Available in Paging File | 83.76% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive H: | 465.75 Gb Total Space | 360.21 Gb Free Space | 77.34% Space Free | Partition Type: NTFS

Drive M: | 931.51 Gb Total Space | 19.98 Gb Free Space | 2.14% Space Free | Partition Type: NTFS

Computer Name: TONKA | User Name: Gemma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"H:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe" = H:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)

"H:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe" = H:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)

"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert

"{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{8272813D-F806-4AD1-95E0-9F4340F4B329}" = HP Photosmart 6510 series Product Improvement Study

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19

"{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Help

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{AF06FEB8-B5BB-44EA-B554-B825A65025EC}" = HP Photosmart 6510 series Basic Device Software

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter

"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface

"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Alt.Binz" = Alt.Binz 0.25.0

"Bitdefender" = Bitdefender Total Security 2013

"CCleaner" = CCleaner

"Common-Use Signing Interface" = Common-Use Signing Interface

"CutePDF Writer Installation" = CutePDF Writer 3.0

"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter version 2.6.0.21

"DivX Setup" = DivX Setup

"DVD Flick_is1" = DVD Flick 1.3.0.7

"FileHippo.com" = FileHippo.com Update Checker

"HP Photo & Imaging" = HP Image Zone 5.3

"HP Photo Creations" = HP Photo Creations

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19

"InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"mpegable DS" = mpegable DS decoder

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Non Driver CIO Components" = Non Driver CIO Components

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"oggcodecs" = oggcodecs 0.71.0946

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WET7Cable" = Windows Easy Transfer for Windows 7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XP Codec Pack" = XP Codec Pack

"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/12/2012 7:27:54 AM | Computer Name = TONKA | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x03237e30.

Error - 3/12/2012 7:27:59 AM | Computer Name = TONKA | Source = Application Error | ID = 1001

Description = Fault bucket 879003832.

[ System Events ]

Error - 19/12/2012 4:38:32 PM | Computer Name = TONKA | Source = DCOM | ID = 10010

Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register

with DCOM within the required timeout.

Error - 19/12/2012 4:48:06 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 19/12/2012 4:48:36 PM | Computer Name = TONKA | Source = DCOM | ID = 10010

Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register

with DCOM within the required timeout.

Error - 19/12/2012 4:52:41 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023

Description = The BITS service terminated with the following error: %%126

Error - 19/12/2012 4:52:41 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 19/12/2012 4:53:40 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 19/12/2012 4:54:10 PM | Computer Name = TONKA | Source = DCOM | ID = 10010

Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register

with DCOM within the required timeout.

Error - 19/12/2012 4:58:29 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023

Description = The BITS service terminated with the following error: %%126

Error - 19/12/2012 4:58:57 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 19/12/2012 4:58:59 PM | Computer Name = TONKA | Source = DCOM | ID = 10010

Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register

with DCOM within the required timeout.

< End of report >

[MrCharlie]

Please do this:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.

O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.

O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.

O3 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Gemma\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)

[*]Then click the Run Fix button at the top

[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

[Gemma]

My pc is booting up faster than before but I had that new hardware wizard box appear when my user desktop loaded again today. Next to the name of the hardware it says "unknown". I cancelled out again. Latest log is below:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.

Registry value HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Service WDICA stopped successfully!

Service WDICA deleted successfully!

Service VcommMgr stopped successfully!

Service VcommMgr deleted successfully!

File System32\Drivers\VcommMgr.sys not found.

Service VComm stopped successfully!

Service VComm deleted successfully!

File system32\DRIVERS\VComm.sys not found.

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

Service i2omgmt stopped successfully!

Service i2omgmt deleted successfully!

Service Changer stopped successfully!

Service Changer deleted successfully!

Service catchme stopped successfully!

Service catchme deleted successfully!

File H:\DOCUME~1\Gemma\LOCALS~1\Temp\catchme.sys not found.

Service BTHidMgr stopped successfully!

Service BTHidMgr deleted successfully!

File System32\Drivers\BTHidMgr.sys not found.

Service BTHidEnum stopped successfully!

Service BTHidEnum deleted successfully!

File system32\DRIVERS\vbtenum.sys not found.

Service Btcsrusb stopped successfully!

Service Btcsrusb deleted successfully!

File System32\Drivers\btcusb.sys not found.

Service BT stopped successfully!

Service BT deleted successfully!

File system32\DRIVERS\btnetdrv.sys not found.

Service BlueletSCOAudio stopped successfully!

Service BlueletSCOAudio deleted successfully!

File system32\DRIVERS\BlueletSCOAudio.sys not found.

Service BlueletAudio stopped successfully!

Service BlueletAudio deleted successfully!

File system32\DRIVERS\blueletaudio.sys not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12202012_194500

[Gemma]

Shortly after I posted the above I had the blue screen of death again. I checked the system errors and I have had this message a few times in the past month. Not sure if it is relevant with my other pc issues!

Event Type: Error

Event Source: System Error

Event Category: (102)

Event ID: 1003

Date: 20/12/2012

Time: 8:16:24 PM

User: N/A

Computer: TONKA

Description:

Error code 1000008e, parameter1 c0000005, parameter2 bf8488a2, parameter3 b2300ae4, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 53 79 73 74 65 6d 20 45 System E

0008: 72 72 6f 72 20 20 45 72 rror Er

0010: 72 6f 72 20 63 6f 64 65 ror code

0018: 20 31 30 30 30 30 30 38 1000008

0020: 65 20 20 50 61 72 61 6d e Param

0028: 65 74 65 72 73 20 63 30 eters c0

0030: 30 30 30 30 30 35 2c 20 000005,

0038: 62 66 38 34 38 38 61 32 bf8488a2

0040: 2c 20 62 32 33 30 30 61 , b2300a

0048: 65 34 2c 20 30 30 30 30 e4, 0000

0050: 30 30 30 30 0000

[Gemma]

Sorry for the multiple posts but I also noticed in the system event list that updates (windows I think) have been terminated many times so I opened internet explorer and tried to check windows updates but I get the following:

Files required to use Windows Update are no longer registered or installed on your computer. To continue:

Register or reinstall the files for me now (Recommended)

Let me read about more steps that might be required to solve the problem

It then comes up with this:

Download and install the latest updating software

Registering: 100%...

And then after a 10 seconds or so, I get this:

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

For self-help options:

• Frequently Asked Questions
  
• Find Solutions
  
• Windows Update Newsgroup
  

For assisted support options:

• Microsoft Online Assisted Support (no-cost for Windows Update issues)
  

[MrCharlie]

For the problem with Windows Update:

Please download on the Desktop the following application: Windows Repair

Next, extract and launch the Repair_Windows.exe

Click on Start repairs tab and then click on Start

Check mark following options alone:

Repair Windows Updates

Checkmark Restart System When Finished option

click the Start button

System should restart after repair

Let me know.....MrC

[Gemma]

I followed your instructions and windows update works now. And the last two reboots have been quick as they should be with no system error logs. I do still keep getting the new hardware wizard box appearing every time I reboot and I just select cancel as the hardware listed is "unknown". Windows update didn't show any updates for hardware were required and neither has FileHippo.

[MrCharlie]

Take a look in the Device Manager and see if there's any problems (you may see red or yellow !! ??).

MrC

[Gemma]

Ok, I found & fixed it. It was something called ROOT\LEGACY\SASKUTIL\0000 which was left behind when I uninstalled SuperAntiSpyware. So I downloaded an uninstall file to remove it from bleepingcomputer.com, rebooted and no more new device wizard!

[MrCharlie]

OK, what problems remain?? MrC

[Gemma]

It seems to be running ok but I still have this error message appearing in system logs today:

Event Type: Warning

Event Source: Tcpip

Event Category: None

Event ID: 4226

Date: 22/12/2012

Time: 7:58:11 AM

User: N/A

Computer: TONKA

Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 00 00 00 00 01 00 54 00 ......T.

0008: 00 00 00 00 82 10 00 80 ....

[MrCharlie]

See if this works/applies:

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=4226&EvtSrc=Tcpip&LCID=1033

MrC

[Gemma]

Merry Christmas MrC! I hope you're having a good one

I followed your last link with instructions and the following ip address always appears first: 66.223.50.32. When I checked the PID in task manager it is linked to vsserv.exe. I tried to end the process as suggested but I get the message "Operation could not be completed. Access is denied." I realise that vsserv.exe is used by Bitdefender so I tried shutting that down but the exe file still seems to be running and using a fair amount of memory usage still, varying between 2,000kb - 37,000kb. Usually at the higher end.

I am not sure what to do now...

[MrCharlie]

Read this:

http://forum.bitdefender.com/index.php?showtopic=31079

MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!