Malwarebytes and Avira freeze during scan


Hi, yesterday after my computer came out of hibernation I got a message on a blue screen that Windows has encountered a problem and needs to close.

I scanned with Malwarebytes a few times and it scanned for around 5 minutes until it came to a file "windows:\ dtcinstall", then it froze. After a few minutes I got the blue screen again with the same message.

The same thing happens with Avira.

I have no problem with updating either.

When I try to shut down the computer it hangs on "Windows is shutting down".

I don't have any pop-ups or redirects, BUT it seems something is wrong.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:37:37, on 14/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Boylesports i-bar - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\PROGRA~1\BOYLES~2\BOYLES~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Boylesports i-bar - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\PROGRA~1\BOYLES~2\BOYLES~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O5 "LPT1:" /M "Stylus COLOR 580"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate1c9bdb2175ddae8) (gupdate1c9bdb2175ddae8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 11062 bytes

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/10/14 18:40

Program Version: Version 1.3.2.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xAA194000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7B13000 Size: 8192 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA951E000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: c:\documents and settings\user\local settings\temp\~df614a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\user\local settings\temp\~df6331.tmp

Status: Allocation size mismatch (API: 65536, Raw: 16384)

SSDT

-------------------

#: 017 Function Name: NtAllocateVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a0e60

#: 019 Function Name: NtAssignProcessToJobObject

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a15c0

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29f610

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae0d0

#: 041 Function Name: NtCreateKey

Status: Hooked by "<unknown>" at address 0xf7bce746

#: 046 Function Name: NtCreatePort

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29f2c0

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c580

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c960

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c060

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xf7bce73c

#: 057 Function Name: NtDebugActiveProcess

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e5a0

#: 062 Function Name: NtDeleteFile

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2aeb50

#: 063 Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf7bce74b

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf7bce755

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29efe0

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae070

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae0a0

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a05d0

#: 098 Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf7bce75a

#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae760

#: 119 Function Name: NtOpenKey

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2acc20

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xf7bce728

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c300

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xf7bce72d

#: 137 Function Name: NtProtectVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a1250

#: 145 Function Name: NtQueryDirectoryFile

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a0a10

#: 160 Function Name: NtQueryKey

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae010

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae040

#: 180 Function Name: NtQueueApcThread

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a1740

#: 193 Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf7bce764

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a0180

#: 204 Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf7bce75f

#: 206 Function Name: NtResumeThread

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29ec90

#: 207 Function Name: NtSaveKey

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2adff0

#: 210 Function Name: NtSecureConnectPort

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29f9d0

#: 213 Function Name: NtSetContextThread

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e3c0

#: 224 Function Name: NtSetInformationFile

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2aee10

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e720

#: 247 Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf7bce750

#: 249 Function Name: NtShutdownSystem

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a04d0

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29ee40

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29eac0

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e900

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0xf7bce737

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e1a0

#: 262 Function Name: NtUnloadDriver

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a07f0

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a1400

Shadow SSDT

-------------------

#: 013 Function Name: NtGdiBitBlt

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a8b0

#: 233 Function Name: NtGdiOpenDCW

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29abe0

#: 307 Function Name: NtUserAttachThreadInput

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297d50

#: 310 Function Name: NtUserBlockInput

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2997d0

#: 319 Function Name: NtUserCallHwndParamLock

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299350

#: 324 Function Name: NtUserCallTwoParam

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a1c0

#: 383 Function Name: NtUserGetAsyncKeyState

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298770

#: 389 Function Name: NtUserGetClipboardData

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299a80

#: 401 Function Name: NtUserGetDC

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a590

#: 414 Function Name: NtUserGetKeyboardState

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298640

#: 416 Function Name: NtUserGetKeyState

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298510

#: 439 Function Name: NtUserGetWindowDC

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a720

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2988a0

#: 465 Function Name: NtUserMoveWindow

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299da0

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298ca0

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299000

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297bf0

#: 502 Function Name: NtUserSendInput

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2995a0

#: 509 Function Name: NtUserSetClipboardViewer

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299940

#: 529 Function Name: NtUserSetParent

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299bd0

#: 546 Function Name: NtUserSetWindowPos

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a090

#: 548 Function Name: NtUserSetWindowsHookAW

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297740

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297360

#: 552 Function Name: NtUserSetWinEventHook

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2979a0

#: 555 Function Name: NtUserShowWindow

Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299fc0

==EOF==

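The RootRepeal output above is long, but nearly all of it is one driver. What follows is an added example (my code, not part of this thread, not RootRepeal's own, and not something the poster ran): a small Python parser that reads the SSDT and Shadow SSDT sections in the layout RootRepeal prints and groups the hooks by the module they are attributed to. The report embedded in it is constructed to mirror the posted one, with illustrative addresses. OADriver.sys belongs to Online Armor, the HIPS/firewall the HijackThis log shows installed under C:\Program Files\Tall Emu\Online Armor; a HIPS hooking process, file, registry, clipboard and keyboard calls is its normal mode of operation, so the bulk of that listing is expected rather than alarming. The entries attributed to "<unknown>" are the ones to follow up on: the report does not name their owner, and the parser only reports how tightly their addresses cluster, not which module they belong to.

```python
"""Triage helper for RootRepeal text reports.

Added example, not part of this thread and not RootRepeal's own code.  It
reads the SSDT / Shadow SSDT sections in the layout RootRepeal prints
("#: NNN Function Name: ..." followed by a "Status: Hooked by ..." line) and
groups every hooked call by the module the hook is attributed to, so a long
listing collapses into one line per hooking driver plus a bucket for hooks
whose owner RootRepeal could not resolve ("<unknown>").
"""
import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's layout (modelled on the posted report;
# the addresses are illustrative values, not taken from a live machine).
SAMPLE_REPORT = """\
SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\\WINDOWS\\system32\\drivers\\OADriver.sys" at address 0xaa2ae0d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7bce746

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7bce73c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7bce728

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\\WINDOWS\\system32\\drivers\\OADriver.sys" at address 0xaa298770

==EOF==
"""

SECTION_RE = re.compile(r"^(SSDT|Shadow SSDT)$")
FUNC_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'^Status:\s*Hooked by\s*"([^"]+)"\s*at address\s*(0x[0-9a-fA-F]+)')


def parse_hooks(report):
    """Return one dict per hooked entry: table, index, function, module, address."""
    hooks, table, pending = [], None, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                      # new table: "SSDT" or "Shadow SSDT"
            table, pending = m.group(1), None
            continue
        m = FUNC_RE.match(line)
        if m and table:            # remember the entry; its Status line follows
            pending = (int(m.group(1)), m.group(2))
            continue
        m = HOOK_RE.match(line)
        if m and pending:          # only "Hooked by" lines produce a record
            hooks.append({"table": table, "index": pending[0], "function": pending[1],
                          "module": m.group(1), "address": int(m.group(2), 16)})
            pending = None
    return hooks


def hooks_by_module(hooks):
    """Group parsed hooks by the module RootRepeal attributes them to."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h)
    return dict(grouped)


def unknown_hook_span(hooks):
    """(lowest, highest, spread) of '<unknown>' hook addresses, or None.

    Unresolved hooks packed within a few dozen bytes of each other point to a
    single jump table in one loaded module rather than to several hookers;
    which module that is cannot be read from the report alone.
    """
    addrs = sorted(h["address"] for h in hooks if h["module"] == "<unknown>")
    if not addrs:
        return None
    return addrs[0], addrs[-1], addrs[-1] - addrs[0]


def triage(report):
    """One summary line per hooking module, unresolved hooks listed last."""
    hooks = parse_hooks(report)
    grouped = hooks_by_module(hooks)
    lines = []
    for module in sorted(grouped, key=lambda m: (m == "<unknown>", m)):
        names = ", ".join(h["function"] for h in grouped[module])
        lines.append(f"{module}: {len(grouped[module])} hook(s): {names}")
    span = unknown_hook_span(hooks)
    if span:
        lines.append(f"unresolved hooks span 0x{span[0]:x}-0x{span[1]:x} ({span[2]} bytes)")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REPORT)))
```

To use it on a saved report, read the file into a string and pass it to triage(). The address spread is a hint for where to look next (the hooks in the posted log sit a few bytes apart, which is what one module's dispatch stubs look like), not an identification of the driver; that still needs the driver list and the on-disk files.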

I'm bumping because I think I've been forgotten.

Anyway, updates: I still don't have any pop-ups or redirects or any obvious signs of malware.

In my previous post I said that it was Dctinstall.log that was the problem, but I'm nearly certain now, after running several online scans, that the problem is "dump5bbc". I found it in my Windows folder. It looks as if it's a Word document but I have my doubts. Any scan I run, when it gets to this file, freezes the whole computer with the message "a problem has been detected and windows has been shutdown to prevent damage to your computer".

The strange thing is that when I go into the Windows folder and touch (not click) that file with the mouse the same freezing occurs.

I hope somebody can help me, and I do appreciate that you are very busy people. THANKS K


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\iaStor.sys
    %systemroot%\System32\drivers\nvstor.sys
    %systemroot%\system32\drivers\atapi.sys
    %systemroot%\system32\drivers\IdeChnDr.sys

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Thank you very much for helping, chamber.

Update: I managed to delete the file DUMP5BBC.TMP while in safe mode. This meant that I could complete all scans, and they were clear.

Only one report came from OTL.

OTL logfile created on: 23/10/2009 13:24:38 - Run 3

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 358.38 Mb Available Physical Memory | 47.19% Memory free

1.81 Gb Paging File | 1.36 Gb Available in Paging File | 75.04% Paging File free

Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.73 Gb Total Space | 8.97 Gb Free Space | 36.29% Space Free | Partition Type: NTFS

Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DF9MSC2J

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gupdate1c9bdb2175ddae8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (MDM [Auto | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)

SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (APPDRV [system | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (avgio [system | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (avipbb [system | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)

DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)

DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)

DRV - (catchme [Disabled | Running]) -- File not found

DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)

DRV - (InCDPass [system | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)

DRV - (incdrm [system | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (OADevice [system | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)

DRV - (OAmon [system | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)

DRV - (OAnet [system | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (rootrepeal [unknown | Stopped]) -- Service key not found. File not found

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (ssmdrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)

DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Tall Emu\Online Armor\OAwatch.dll (Tall Emu)

MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\WINSTA.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/29 18:59:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 17:35:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/06 14:08:49 | 00,000,000 | ---D | M]

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\tiicj0w9.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe (Microgaming)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll (CSEQueryObject Object)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...772/mcfscan.cab (McFreeScan Class)

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/15 17:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/15 15:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP

[2009/10/15 15:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot

[2009/10/23 13:14:38 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2009/10/23 01:35:13 | 00,000,000 | --SD | C] -- C:\Combo-fix

[2009/10/23 01:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/15 17:21:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/15 17:21:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/15 17:20:26 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe

[2009/10/15 14:49:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe

[2009/10/07 17:41:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/09/23 22:28:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2009/06/29 19:44:07 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2009/10/23 13:14:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2009/10/23 13:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/10/23 12:59:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/10/23 10:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2009/10/23 10:28:13 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

[2009/10/23 01:34:18 | 00,013,692 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix

[2009/10/23 01:32:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/23 01:28:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/22 19:46:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/10/22 19:45:20 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/10/22 19:45:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/22 19:45:11 | 79,632,7936 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/10/15 17:21:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/15 17:20:26 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe

[2009/10/15 16:13:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/10/15 15:41:32 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/15 15:39:22 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat

[2009/10/15 14:49:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe

[2009/10/14 22:24:29 | 00,496,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/14 22:24:29 | 00,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/14 22:24:29 | 00,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/14 22:19:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/14 20:56:32 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2009/10/14 18:50:16 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/10/14 01:02:33 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2009/10/07 14:33:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/10/05 17:47:24 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/10/02 19:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/09/28 22:35:44 | 00,063,281 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf

========== Files - No Company Name ==========

[2009/10/23 01:34:18 | 00,013,692 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix

[2009/10/22 18:45:49 | 79,632,7936 | -HS- | C] () -- C:\hiberfil.sys

[2009/10/15 17:21:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/15 15:36:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat

[2009/10/14 20:56:31 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2009/10/14 18:50:16 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/09/28 22:35:44 | 00,063,281 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf

[2009/09/08 11:36:10 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2009/07/11 02:03:20 | 04,846,002 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db

[2008/07/04 10:47:28 | 00,001,198 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI

[2008/07/04 10:45:08 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

[2008/05/05 18:24:12 | 00,001,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2006/12/14 02:20:03 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT

[2006/11/03 15:15:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2006/08/29 13:14:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/08/24 21:33:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/08/22 10:37:55 | 00,005,129 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

[2006/08/22 10:37:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/07/21 20:18:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/07/21 18:27:30 | 00,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/07/21 17:52:36 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dvd.bmk

[2006/07/21 11:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/21 11:29:28 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2006/07/21 11:26:24 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2006/07/21 11:03:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini

[2006/07/18 22:22:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/18 22:15:28 | 00,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/07/18 22:08:56 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll

[2006/07/18 22:03:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2006/07/18 21:41:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2006/07/18 21:41:14 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2006/07/18 21:40:36 | 00,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 13:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/15 16:14:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/04/03 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/04/11 15:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2006/09/04 01:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2009/06/30 22:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media

[2009/09/14 15:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2007/08/23 17:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2006/12/07 14:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar

[2008/12/31 12:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage

[2009/10/14 00:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2007/08/23 17:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/07/01 19:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/08/15 11:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2009/10/15 16:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data

[2006/09/12 14:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead

[2009/09/14 15:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boylesports5

[2009/04/03 20:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2006/07/21 21:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM

[2007/06/03 10:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express

[2006/07/27 21:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech

[2008/08/14 00:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Microgaming

[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSN Search Toolbar

[2008/12/31 12:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MyHeritage

[2009/09/09 21:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OnlineArmor

[2007/09/05 12:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite

[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst

[2006/11/30 21:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Preclick

[2007/08/23 17:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ROUTE 66 Sync

[2009/07/29 14:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template

[2009/02/03 22:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Complete Genealogy Reporter - FTB

[2008/11/15 23:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity

[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search

[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2009/10/23 12:59:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/10/23 10:28:13 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job

[2009/10/22 19:45:20 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2009/10/23 13:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2009/10/23 10:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job

[2009/10/23 01:32:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2006/04/14 23:05:02 | 00,009,952 | ---- | M] () -- C:\regxpcom.exe

< %systemroot%\system32\eventlog.dll >

[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >

[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >

[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< %systemroot%\system32\drivers\IdeChnDr.sys >

< End of report >

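The "Custom Scans" block at the end of the OTL log above is worth reading carefully: each `< pattern >` header is followed by whatever OTL found for that pattern, and a header with nothing under it means no file matched. The following parser is an added example, not code from the thread or from OTL itself; it reads the entry format OTL printed here (`[date | size | attributes | M] (Company) -- path`), pairs each custom-scan header with its results, and reports which patterns came back empty and which files carry no company name. `SAMPLE_LOG` is a constructed excerpt of lines copied from the log above; the finding labels (`absent`, `ok`, `no company name`) are this example's own, not OTL's.

```python
r"""Parse OTL log entries and summarise the 'Custom Scans' section.

Added example for this thread; not OTL's own code. Line formats handled
(both copied from the log posted above):

    [2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
    [2009/10/15 16:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data

A custom-scan header such as '< %systemroot%\system32\drivers\atapi.sys >'
is followed by zero or more entries; no entry means nothing matched.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# date | size | attribute flags | M, then an optional "(Company)" and the path
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[A-Z])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
SCAN_HEADER_RE = re.compile(r"^< (?P<pattern>.+?) >$")
END_MARKER = "End of report"  # OTL closes every log with '< End of report >'

# Constructed excerpt: lines taken from the Custom Scans section above.
SAMPLE_LOG = r"""
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2006/04/14 23:05:02 | 00,009,952 | ---- | M] () -- C:\regxpcom.exe

< %systemroot%\system32\eventlog.dll >

[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\system32\drivers\atapi.sys >

[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< End of report >
"""


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    # None: no company field at all (directories); "": file with an empty company name
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file/directory line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_custom_scans(text: str) -> Dict[str, List[Entry]]:
    """Map each '< pattern >' header to the entries printed beneath it, in log order."""
    results: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SCAN_HEADER_RE.match(line)
        if header:
            if header["pattern"] == END_MARKER:
                break
            current = header["pattern"]
            results.setdefault(current, [])
            continue
        entry = parse_entry(line)
        if entry is not None and current is not None:
            results[current].append(entry)
    return results


def review_custom_scans(results: Dict[str, List[Entry]]) -> List[str]:
    """One finding per pattern with no hits, and one per file that was found."""
    findings: List[str] = []
    for pattern, entries in results.items():
        if not entries:
            findings.append(f"absent: {pattern}")
            continue
        for e in entries:
            if e.company:
                findings.append(f"ok: {e.path} ({e.company}, {e.size} bytes)")
            else:
                # A file with no company name is not proof of anything; it only
                # marks what to look up next (hash, signature, origin).
                findings.append(f"no company name: {e.path} ({e.size} bytes)")
    return findings


if __name__ == "__main__":
    for finding in review_custom_scans(parse_custom_scans(SAMPLE_LOG)):
        print(finding)
```

Run it on the full log text instead of `SAMPLE_LOG` and the same functions work on any other section that uses the entry format, such as the `C:\WINDOWS\Tasks\*.job` lines, since `parse_entry` does not care which section a line came from.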

This is why OTL only produced one log.

OTL logfile created on: 23/10/2009 13:24:38 - Run 3

Have you run it before?

You have run ComboFix before? I see it in your logs. If you have run it, please post the log that it produced.

1) OTL

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    [2006/04/14 23:05:02 | 00,009,952 | ---- | M] () -- C:\regxpcom.exe

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\OldTimer Tools\OTL]
    "RunQty"="0"

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) GMER

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

In your reply I would like to see copied and pasted,

1) OTL logs

2) GMER log

3) Any other logs you have from tools that have been run


Hi, yeah, I ran ComboFix last night because I was freaking out a little.

Here are the logs.

OTL Extras logfile created on: 23/10/2009 14:57:05 - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 285.78 Mb Available Physical Memory | 37.63% Memory free

1.81 Gb Paging File | 1.27 Gb Available in Paging File | 69.99% Paging File free

Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.73 Gb Total Space | 8.97 Gb Free Space | 36.28% Space Free | Partition Type: NTFS

Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DF9MSC2J

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = comfile] -- Reg Error: Key error. File not found

.exe [@ = exefile] -- Reg Error: Key error. File not found

.hta [@ = htafile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)

Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)

"C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{12BE3579-A34B-47BD-A65C-82B1754E71E1}" = D4100

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 16

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series

"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade

"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext

"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support

"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DC5A3749-4535-4EAD-842A-DDE976CC6B38}" = PS7900

"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel

"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP

"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)

"{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}" = Preclick PhotoBack Plug-in for HP

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Boylesports5" = Boylesports i-bar

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CCleaner" = CCleaner (remove only)

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"EPSON Printer and Utilities" = EPSON Printer Software

"ERUNT_is1" = ERUNT 1.1j

"Eye Candy 4000" = Eye Candy 4000

"Family Tree Builder" = MyHeritage Family Tree Builder

"getPlus®_ocx" = getPlus®_ocx

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OnlineArmor_is1" = Online Armor 3.5

"RealPlayer 6.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World Leaders" = World Leaders

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 13/10/2009 23:03:58 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110

Description = An unknown error occurred during init of the engine! Returned error

code: 0x35

Error - 13/10/2009 23:05:30 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110

Description = An unknown error occurred during init of the engine! Returned error

code: 0x35

Error - 13/10/2009 23:06:11 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110

Description = An unknown error occurred during init of the engine! Returned error

code: 0x35

Error - 13/10/2009 23:07:12 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110

Description = An unknown error occurred during init of the engine! Returned error

code: 0x35

Error - 13/10/2009 23:16:08 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110

Description = An unknown error occurred during init of the engine! Returned error

code: 0x35

Error - 16/10/2009 04:02:06 | Computer Name = DF9MSC2J | Source = Google Update | ID = 20

Description =

Error - 16/10/2009 05:02:05 | Computer Name = DF9MSC2J | Source = Google Update | ID = 20

Description =

Error - 16/10/2009 09:52:29 | Computer Name = DF9MSC2J | Source = Application Hang | ID = 1002

Description = Hanging application RootRepeal.exe, version 1.3.2.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 16/10/2009 09:52:49 | Computer Name = DF9MSC2J | Source = Application Hang | ID = 1002

Description = Hanging application RootRepeal.exe, version 1.3.2.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 19/10/2009 07:57:20 | Computer Name = DF9MSC2J | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 23/10/2009 07:19:51 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 08:03:53 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 08:25:58 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 08:39:46 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 08:46:28 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 08:52:58 | Computer Name = DF9MSC2J | Source = Service Control Manager | ID = 7000

Description = The Bonjour Service service failed to start due to the following error:

%%5

Error - 23/10/2009 08:56:14 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 09:55:51 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 09:56:00 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

Error - 23/10/2009 09:56:15 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001

Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-Embedding

< End of report >

OTL logfile created on: 23/10/2009 14:57:05 - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 285.78 Mb Available Physical Memory | 37.63% Memory free

1.81 Gb Paging File | 1.27 Gb Available in Paging File | 69.99% Paging File free

Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.73 Gb Total Space | 8.97 Gb Free Space | 36.28% Space Free | Partition Type: NTFS

Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DF9MSC2J

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\NetWaiting\netWaiting.exe ()

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)

PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gupdate1c9bdb2175ddae8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)

SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Tall Emu\Online Armor\OAwatch.dll (Tall Emu)

MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\WINSTA.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/29 18:59:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 17:35:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/06 14:08:49 | 00,000,000 | ---D | M]

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\tiicj0w9.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe (Microgaming)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll (CSEQueryObject Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...772/mcfscan.cab (McFreeScan Class)

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/15 17:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/15 15:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP

[2009/10/15 15:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot

[2009/10/23 13:14:38 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2009/10/23 01:35:13 | 00,000,000 | --SD | C] -- C:\Combo-fix

[2009/10/23 01:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/15 17:21:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/15 17:21:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/15 17:20:26 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe

[2009/10/15 14:49:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe

[2009/06/29 19:44:07 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/10/23 14:59:03 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/10/23 14:29:01 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2009/10/23 14:02:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/10/23 13:53:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/10/23 13:53:03 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/10/23 13:52:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/10/23 13:52:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/23 13:52:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/23 13:52:37 | 79,632,7936 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/23 13:14:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

[2009/10/23 01:34:18 | 00,013,692 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix

[2009/10/23 01:28:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/10/15 17:21:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/15 17:20:26 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe

[2009/10/15 16:13:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/10/15 15:41:32 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/15 15:39:22 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat

[2009/10/15 14:49:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe

[2009/10/14 22:24:29 | 00,496,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/14 22:24:29 | 00,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/14 22:24:29 | 00,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/14 22:19:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/14 20:56:32 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2009/10/14 18:50:16 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/10/14 01:02:33 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files - No Company Name ==========

[2009/10/23 01:34:18 | 00,013,692 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix

[2009/10/22 18:45:49 | 79,632,7936 | -HS- | C] () -- C:\hiberfil.sys

[2009/10/15 17:21:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/15 15:36:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat

[2009/10/14 20:56:31 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2009/10/14 18:50:16 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/09/08 11:36:10 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2009/07/11 02:03:20 | 04,846,002 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db

[2008/07/04 10:47:28 | 00,001,198 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI

[2008/07/04 10:45:08 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

[2008/05/05 18:24:12 | 00,001,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2006/12/14 02:20:03 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT

[2006/11/03 15:15:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2006/08/29 13:14:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/08/24 21:33:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/08/22 10:37:55 | 00,005,129 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

[2006/08/22 10:37:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/07/21 20:18:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/07/21 18:27:30 | 00,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/07/21 17:52:36 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dvd.bmk

[2006/07/21 11:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/21 11:29:28 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2006/07/21 11:26:24 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2006/07/21 11:03:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini

[2006/07/18 22:22:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/18 22:15:28 | 00,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/07/18 22:08:56 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll

[2006/07/18 22:03:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2006/07/18 21:41:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2006/07/18 21:41:14 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2006/07/18 21:40:36 | 00,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 13:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/15 16:14:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/04/03 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/04/11 15:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2006/09/04 01:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2009/06/30 22:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media

[2009/09/14 15:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2007/08/23 17:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2006/12/07 14:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar

[2008/12/31 12:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage

[2009/10/14 00:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2007/08/23 17:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/07/01 19:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/08/15 11:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2009/10/15 16:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data

[2006/09/12 14:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead

[2009/09/14 15:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boylesports5

[2009/04/03 20:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2006/07/21 21:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM

[2007/06/03 10:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express

[2006/07/27 21:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech

[2008/08/14 00:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Microgaming

[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSN Search Toolbar

[2008/12/31 12:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MyHeritage

[2009/09/09 21:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OnlineArmor

[2007/09/05 12:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite

[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst

[2006/11/30 21:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Preclick

[2007/08/23 17:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ROUTE 66 Sync

[2009/07/29 14:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template

[2009/02/03 22:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Complete Genealogy Reporter - FTB

[2008/11/15 23:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity

[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search

[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2009/10/23 14:59:03 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/10/23 13:53:03 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job

[2009/10/23 13:52:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2009/10/23 14:02:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2009/10/23 14:29:01 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job

[2009/10/23 13:52:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

========== Purity Check ==========

< End of report >


ComboFix 09-10-21.02 - User 23/10/2009 1:18.6.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.370 [GMT 1:00]

Running from: c:\documents and settings\User\Desktop\Combo-fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))

.

2009-10-21 18:12 . 2009-10-21 18:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-10-15 16:21 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-15 16:21 . 2009-10-15 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-15 16:21 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-15 14:40 . 2009-10-15 14:40 -------- d-----w- c:\program files\MSSOAP

2009-10-15 14:37 . 2009-10-15 14:37 -------- d-----w- c:\program files\Webroot

2009-10-15 14:36 . 2009-10-15 14:39 164 ----a-w- c:\windows\install.dat

2009-10-14 18:04 . 2009-10-14 18:12 -------- d-----w- c:\documents and settings\User\DoctorWeb

2009-10-14 03:21 . 2009-10-14 03:21 -------- d-----w- c:\windows\system32\wbem\Repository

2009-10-14 01:46 . 2009-10-14 01:46 30824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-15 16:21 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2009-10-15 16:21 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-14 17:50 . 2006-07-21 10:29 -------- d-----w- c:\program files\Common Files\Adobe

2009-10-13 23:44 . 2009-09-14 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-10-05 17:05 . 2009-07-20 15:34 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-21 16:02 . 2009-09-14 14:04 -------- d-----w- c:\program files\Common Files\PCSuite

2009-09-14 14:05 . 2009-09-14 14:05 -------- d-----w- c:\documents and settings\User\Application Data\Boylesports5

2009-09-14 14:05 . 2009-09-14 14:04 -------- d-----w- c:\program files\Boylesports5

2009-09-14 14:02 . 2008-07-21 12:07 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-14 14:01 . 2009-09-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8(2)

2009-09-14 14:00 . 2009-09-14 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-09-14 13:59 . 2009-09-07 17:24 -------- d-----w- c:\program files\ERUNT

2009-09-11 14:18 . 2004-08-10 11:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-09 20:09 . 2009-09-09 20:09 -------- d-----w- c:\documents and settings\User\Application Data\OnlineArmor

2009-09-09 20:08 . 2009-09-09 20:08 -------- d-----w- c:\program files\Tall Emu

2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Avira

2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-08 10:35 . 2009-05-06 13:08 -------- d-----w- c:\program files\Java

2009-09-05 00:08 . 2009-09-05 00:07 -------- d-----w- c:\documents and settings\User\Application Data\HpUpdate

2009-09-05 00:08 . 2006-07-21 17:27 -------- d-----w- c:\program files\Hewlett-Packard

2009-09-05 00:07 . 2006-07-21 17:28 -------- d-----w- c:\program files\HP

2009-09-04 21:03 . 2004-08-10 11:51 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-02 18:03 . 2009-09-02 18:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2009-09-02 12:40 . 2006-07-18 21:02 -------- d-----w- c:\program files\Dell

2009-08-29 08:08 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 20:56 . 2009-08-27 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-08-27 20:55 . 2006-07-18 21:16 -------- d-----w- c:\program files\Google

2009-08-26 08:00 . 2004-08-10 11:51 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-20 14:09 . 2009-08-20 14:09 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-06 18:24 . 2004-08-10 12:02 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 18:24 . 2004-08-10 12:02 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 18:24 . 2004-08-10 12:02 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 18:24 . 2004-08-10 12:02 53472 ------w- c:\windows\system32\wuauclt.exe

2009-08-06 18:24 . 2004-08-10 11:50 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 18:23 . 2004-08-10 12:02 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 18:23 . 2007-08-16 07:25 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 18:23 . 2007-08-16 07:25 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 18:23 . 2004-08-10 12:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 19:44 . 2004-08-10 11:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2004-08-03 21:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-07-31 14:23 . 2008-12-18 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-28 15:33 . 2009-09-08 11:14 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-06-29 18:43 . 2009-06-29 18:44 774144 ----a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-E49A-20FD87FD6E8C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]

"EPSON Stylus COLOR 580"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE" [2001-09-13 220672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [09/09/2009 21:08 200784]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [09/09/2009 21:08 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [09/09/2009 21:08 29776]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/09/2009 12:14 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [09/09/2009 21:08 362184]

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [09/09/2009 21:08 3142344]

S2 gupdate1c9bdb2175ddae8;Google Update Service (gupdate1c9bdb2175ddae8);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 11:08 133104]

.

Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-10-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-10-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-19 20:53]

2009-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 10:08]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 10:08]

2009-10-22 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2006-07-21 04:55]

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR

IE: {{F313D2F6-B79E-4654-BC77-D14C93FC8947} - c:\program files\boylesportspokercomMPP\MPPoker.exe

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-23 01:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2968)

c:\windows\system32\WININET.dll

c:\program files\Tall Emu\Online Armor\OAwatch.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-10-23 1:32

ComboFix-quarantined-files.txt 2009-10-23 00:32

Pre-Run: 8,095,682,560 bytes free

Post-Run: 8,083,742,720 bytes free

- - End Of File - - 379C97659A528063DD449E25ECC7965A

GMER 1.0.15.15125 - http://www.gmer.net

Rootkit scan 2009-10-23 14:55:24

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\fxldapod.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xAA2A0E60]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xAA2A15C0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xAA29F610]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xAA2AE0D0]

SSDT F7C5F96E ZwCreateKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xAA29F2C0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xAA29C580]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xAA29C960]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xAA29C060]

SSDT F7C5F964 ZwCreateThread

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xAA29E5A0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xAA2AEB50]

SSDT F7C5F973 ZwDeleteKey

SSDT F7C5F97D ZwDeleteValueKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xAA29EFE0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateKey [0xAA2AE070]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateValueKey [0xAA2AE0A0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xAA2A05D0]

SSDT F7C5F982 ZwLoadKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xAA2AE760]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenKey [0xAA2ACC20]

SSDT F7C5F950 ZwOpenProcess

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xAA29C300]

SSDT F7C5F955 ZwOpenThread

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xAA2A1250]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xAA2A0A10]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryKey [0xAA2AE010]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryValueKey [0xAA2AE040]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xAA2A1740]

SSDT F7C5F98C ZwReplaceKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xAA2A0180]

SSDT F7C5F987 ZwRestoreKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xAA29EC90]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xAA2ADFF0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xAA29F9D0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xAA29E3C0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetInformationFile [0xAA2AEE10]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xAA29E720]

SSDT F7C5F978 ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xAA2A04D0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xAA29EE40]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xAA29EAC0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xAA29E900]

SSDT F7C5F95F ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xAA29E1A0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xAA2A07F0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xAA2A1400]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [C0, F2, 29, AA, 80, C5, 29, ...]

.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [40, EE, 29, AA, C0, EA, 29, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001

.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\hkcmd.exe[180] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001

.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E

.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E

.text C:\WINDOWS\system32\wuauclt.exe[260] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\svchost.exe[324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[352] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\csrss.exe[388] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text ...

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A

.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Ahead\InCD\InCDsrv.exe[784] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001

.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\stsystra.exe[920] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\stsystra.exe[920] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\stsystra.exe[920] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A

.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[940] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1056] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01CC0001

.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\Explorer.EXE[1136] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1176] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\WINDOWS\System32\WLTRYSVC.EXE[1320] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\WINDOWS\System32\bcmwltry.exe[1332] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1340] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001

.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1372] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E

.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1372] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E

.text C:\WINDOWS\system32\spoolsv.exe[1540] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1612] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1660] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\HPZipm12.exe[1948] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Java\jre6\bin\jqs.exe[2000] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001

.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\WLTRAY.exe[2124] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2124] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2124] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2124] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001

.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\ctfmon.exe[2276] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A

.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001

.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\WINDOWS\system32\hphmon05.exe[2752] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\hphmon05.exe[2752] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\hphmon05.exe[2752] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 010DE8D9 C:\Program Files\Windows Desktop Search\mssrch.dll (Microsoft Embedded Search/Microsoft Corporation)

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A

.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001

.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\System32\alg.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E50001

.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A

.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01500001

.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E

.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E

.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D30001

.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\NetWaiting\netWaiting.exe[3816] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F763A300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F763A360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F763A610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F763A650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F763A610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F763A360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F763A300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F763A610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F763A650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F763A300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F763A360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)

Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)

Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)

Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device A8C47D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device InCDfs.SYS (InCD File System Driver/Nero AG)

---- EOF - GMER 1.0.15 ----


Not seeing much in there.

Download this to your C:\ drive and run it,

mbr.exe and post the log that it produces.

Then,

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I reckon everything is fine. The problem was definitely "DUMP5BBC.TMP". I have no idea what it was or where it came from. No scanner (even combofix) could scan it. Thanks for your help, ye do great work.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

The MBAM scan was clear.

The only thing that avira found was "eicar test file", not a virus, it said.


Let's get an online scan going to be sure.

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


Sorry for not getting back sooner. I did as you asked and everything went good. After I deleted the "dump5bbc.tmp" file last week everything was fine until this morning. When I scanned with malwarebytes the scan froze again. I searched back in my windows folder and found "dump5f27.tmp". So I think it has respawned. I again deleted this file in safe mode and tried to scan again but it froze again. I noticed that when I look at "my computer" some folders are after getting lighter in appearance. Not sure if this has anything to do with the problem but I'll post a screenshot for you to look at.

untitled.zip


No, that's fine.

Can you give me the exact location of that file?

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

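An added example, not OTL's own code and not from this thread: the custom-scan lines of the form `%SYSTEMDRIVE%\atapi.sys /s /md5` ask OTL to search the whole drive for each named file and report an MD5 for every copy found. The script below does the same comparison on a constructed list of (path, bytes) pairs, flagging any watched name that turns up with more than one distinct hash; the file names are the ones in the scan list above, while the sample paths and contents are constructed.

```python
"""Cross-check copies of commonly patched Windows system files by hash.

A file infector that patches one copy in place (typically the live one in
system32\\drivers) usually leaves backup copies in dllcache or
ServicePackFiles untouched, so the same filename appearing with two
different hashes is the lead a helper looks for in an OTL /md5 listing.
"""
import hashlib
import ntpath
import os
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Tuple

# File names taken from the OTL custom scan above, lower-cased for matching.
WATCHED_NAMES = {
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iastor.sys",
    "nvstor.sys", "atapi.sys", "idechndr.sys", "viasraid.sys",
    "agp440.sys", "vaxscsi.sys",
}

HashGroups = Dict[str, Dict[str, List[str]]]   # name -> md5 -> paths


def md5_hex(data: bytes) -> str:
    """MD5 of a file's bytes, hex-encoded, matching OTL's /md5 column."""
    return hashlib.md5(data).hexdigest()


def group_by_hash(files: Iterable[Tuple[str, bytes]]) -> HashGroups:
    """Group watched files by name, then by MD5 of their contents.

    Accepts (path, bytes) pairs so the logic can be exercised on constructed
    data; ntpath.basename handles Windows backslash paths on any host.
    """
    groups: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for path, data in files:
        name = ntpath.basename(path).lower()
        if name in WATCHED_NAMES:
            groups[name][md5_hex(data)].append(path)
    return {name: dict(by_hash) for name, by_hash in groups.items()}


def find_mismatches(groups: HashGroups) -> List[str]:
    """Names present with more than one distinct hash: one copy differs."""
    return sorted(name for name, by_hash in groups.items() if len(by_hash) > 1)


def walk_root(root: str) -> Iterator[Tuple[str, bytes]]:
    """Recursive search for watched names under root (OTL's /s switch)."""
    for dirpath, _dirs, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower() in WATCHED_NAMES:
                path = os.path.join(dirpath, filename)
                try:
                    with open(path, "rb") as fh:
                        yield path, fh.read()
                except OSError:
                    continue  # locked or unreadable copies are skipped, not fatal


def report(groups: HashGroups) -> List[str]:
    """One line per copy, grouped so differing hashes sit next to each other."""
    lines = []
    for name in sorted(groups):
        for digest, paths in sorted(groups[name].items()):
            for path in paths:
                lines.append(f"{name:14} {digest} {path}")
    return lines


# Constructed sample data (not from the thread): the live atapi.sys differs
# from its two backup copies, scecli.dll is consistent everywhere.
SAMPLE_FILES = [
    (r"C:\WINDOWS\system32\drivers\atapi.sys", b"atapi driver, patched in place"),
    (r"C:\WINDOWS\system32\dllcache\atapi.sys", b"atapi driver, original"),
    (r"C:\WINDOWS\ServicePackFiles\i386\atapi.sys", b"atapi driver, original"),
    (r"C:\WINDOWS\system32\scecli.dll", b"scecli, original"),
    (r"C:\WINDOWS\system32\dllcache\scecli.dll", b"scecli, original"),
    (r"C:\WINDOWS\readme.txt", b"not a watched name, ignored"),
]

if __name__ == "__main__":
    groups = group_by_hash(SAMPLE_FILES)   # on a real box: group_by_hash(walk_root("C:\\"))
    print("\n".join(report(groups)))
    # A mismatch is a lead, not a verdict: a hotfix that updated only the
    # live copy looks the same, so compare the odd one out against the
    # vendor's published hash before calling it patched.
    print("names with more than one hash:", find_mismatches(groups))
```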

It was sitting in the Windows folder alongside all those kb****** files and it had looked like a MSWORD FILE.

OTL logfile created on: 28/10/2009 16:26:02 - Run 2

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 388.73 Mb Available Physical Memory | 51.19% Memory free

1.81 Gb Paging File | 1.37 Gb Available in Paging File | 75.43% Paging File free

Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24.73 Gb Total Space | 8.59 Gb Free Space | 34.72% Space Free | Partition Type: NTFS

Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DF9MSC2J

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\NetWaiting\netWaiting.exe ()

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)

PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gupdate1c9bdb2175ddae8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)

SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)

SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (APPDRV [system | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (avgio [system | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (avipbb [system | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)

DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)

DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)

DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)

DRV - (InCDPass [system | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)

DRV - (incdrm [system | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (OADevice [system | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)

DRV - (OAmon [system | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)

DRV - (OAnet [system | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (ssmdrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)

DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Tall Emu\Online Armor\OAwatch.dll (Tall Emu)

MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\WINSTA.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\System32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/29 17:59:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 16:35:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/06 13:08:49 | 00,000,000 | ---D | M]

[2009/04/01 15:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions

[2009/04/01 15:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/01 15:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\tiicj0w9.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe (Microgaming)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll (CSEQueryObject Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...772/mcfscan.cab (McFreeScan Class)

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by135fd.bay135.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/24 22:11:16 | 00,000,000 | ---D | C] -- C:\Program Files\Family Toolbar

[2009/10/15 16:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/15 14:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP

[2009/10/15 14:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot

[2009/10/28 16:25:08 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2009/10/23 00:35:13 | 00,000,000 | --SD | C] -- C:\Combo-fix

[2009/10/23 00:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/15 16:21:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/15 16:21:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/15 13:49:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe

[2009/10/07 16:41:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/06/29 18:44:07 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2009/10/28 16:25:14 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2009/10/28 16:22:55 | 00,001,198 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI

[2009/10/28 16:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/10/28 15:59:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/10/28 15:38:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/10/28 15:38:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/10/28 15:38:22 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/10/28 15:38:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/28 15:38:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/28 15:38:06 | 79,632,7936 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/28 15:34:56 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

[2009/10/28 13:18:18 | 00,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/28 13:18:18 | 00,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/28 13:18:16 | 00,515,896 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/27 22:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2009/10/25 23:00:11 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/10/24 22:11:54 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MyHeritage Family Tree Builder.lnk

[2009/10/23 14:42:06 | 00,077,312 | ---- | M] () -- C:\mbr.exe

[2009/10/23 00:28:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/21 09:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/10/15 16:21:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/15 15:13:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/10/15 14:41:32 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/15 14:39:22 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat

[2009/10/15 13:49:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe

[2009/10/14 21:19:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/14 17:50:16 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/10/14 00:02:33 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2009/10/07 13:33:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/10/05 16:47:24 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/10/02 18:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/09/28 21:35:44 | 00,063,281 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf

========== Files - No Company Name ==========

[2009/10/28 14:46:31 | 79,632,7936 | -HS- | C] () -- C:\hiberfil.sys

[2009/10/24 12:23:25 | 01,033,523 | ---- | C] () -- C:\Documents and Settings\User\My Documents\canada 06 026.jpg

[2009/10/23 14:42:06 | 00,077,312 | ---- | C] () -- C:\mbr.exe

[2009/10/15 16:21:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/15 14:36:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat

[2009/10/14 17:50:16 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/09/28 21:35:44 | 00,063,281 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf

[2009/09/08 10:36:10 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2009/07/11 01:03:20 | 04,846,002 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db

[2008/07/04 09:47:28 | 00,001,198 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI

[2008/07/04 09:45:08 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll

[2008/05/05 17:24:12 | 00,001,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2006/12/14 01:20:03 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT

[2006/11/03 14:15:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2006/08/29 12:14:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/08/24 20:33:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/08/22 09:37:55 | 00,005,129 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

[2006/08/22 09:37:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/07/21 19:18:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/07/21 17:27:30 | 00,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/07/21 16:52:36 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dvd.bmk

[2006/07/21 10:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/21 10:29:28 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2006/07/21 10:26:24 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2006/07/21 10:03:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini

[2006/07/18 21:22:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/18 21:15:28 | 00,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/07/18 21:08:56 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll

[2006/07/18 21:03:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2006/07/18 20:41:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2006/07/18 20:41:14 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2006/07/18 20:40:36 | 00,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 12:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 11:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/10 11:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 11:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/15 15:14:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/04/03 19:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/04/11 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2006/09/04 00:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2009/06/30 21:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media

[2009/09/14 14:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2007/08/23 16:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2006/12/07 13:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar

[2008/12/31 11:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage

[2009/10/13 23:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2007/08/23 16:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/06/29 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2004/08/10 12:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/07/01 18:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/08/15 10:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2009/10/15 15:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data

[2006/09/12 13:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead

[2009/09/14 14:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boylesports5

[2009/04/03 19:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2006/07/21 20:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM

[2007/06/03 09:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express

[2006/07/27 20:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech

[2008/08/13 23:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Microgaming

[2007/08/15 10:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSN Search Toolbar

[2008/12/31 11:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MyHeritage

[2009/09/09 20:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OnlineArmor

[2007/09/05 11:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite

[2009/06/29 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst

[2006/11/30 20:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Preclick

[2007/08/23 16:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ROUTE 66 Sync

[2009/07/29 13:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template

[2009/02/03 21:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Complete Genealogy Reporter - FTB

[2008/11/15 22:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity

[2007/08/15 10:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search

[2009/10/21 09:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2009/10/28 15:59:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/10/28 15:38:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job

[2009/10/28 15:38:22 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2009/10/28 16:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2009/10/27 22:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job

[2009/10/28 15:38:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/10/28 15:34:56 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2009/10/23 14:42:06 | 00,077,312 | ---- | M] () -- C:\mbr.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\eventlog.dll

[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]

[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\scecli.dll

[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]

[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll

[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\netlogon.dll

[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]

[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\atapi.sys

[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]

[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys

[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

[AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\AGP440.SYS

[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]

[agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys

[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< End of report >

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    dump5f27.tmp


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Sorry about this, but while I was out my brother ran ComboFix (because he thinks he knows everything). I'll post the log just in case it did anything.

Sorry about this!

ComboFix 09-10-27.08 - User 28/10/2009 22:20.7.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.492 [GMT 0:00]

Running from: c:\documents and settings\User\Desktop\kevinfix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))

.

2009-10-28 17:19 . 2009-10-28 17:19 -------- d--h--w- c:\windows\PIF

2009-10-24 22:11 . 2009-10-24 22:11 -------- d-----w- c:\program files\Family Toolbar

2009-10-23 14:42 . 2009-10-23 14:42 77312 ----a-w- C:\mbr.exe

2009-10-23 00:35 . 2009-10-23 00:35 -------- d-----w- C:\Combo-fix

2009-10-21 18:12 . 2009-10-21 18:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-10-15 16:21 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-15 16:21 . 2009-10-15 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-15 16:21 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-15 14:40 . 2009-10-15 14:40 -------- d-----w- c:\program files\MSSOAP

2009-10-15 14:37 . 2009-10-15 14:37 -------- d-----w- c:\program files\Webroot

2009-10-15 14:36 . 2009-10-15 14:39 164 ----a-w- c:\windows\install.dat

2009-10-14 18:04 . 2009-10-14 18:12 -------- d-----w- c:\documents and settings\User\DoctorWeb

2009-10-14 03:21 . 2009-10-14 03:21 -------- d-----w- c:\windows\system32\wbem\Repository

2009-10-14 01:46 . 2009-10-14 01:46 30824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-24 22:10 . 2008-07-04 09:44 -------- d-----w- c:\program files\MyHeritage

2009-10-15 16:21 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2009-10-15 16:21 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-14 17:50 . 2006-07-21 10:29 -------- d-----w- c:\program files\Common Files\Adobe

2009-10-13 23:44 . 2009-09-14 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2009-10-05 17:05 . 2009-07-20 15:34 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-21 16:02 . 2009-09-14 14:04 -------- d-----w- c:\program files\Common Files\PCSuite

2009-09-14 14:05 . 2009-09-14 14:05 -------- d-----w- c:\documents and settings\User\Application Data\Boylesports5

2009-09-14 14:05 . 2009-09-14 14:04 -------- d-----w- c:\program files\Boylesports5

2009-09-14 14:02 . 2008-07-21 12:07 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-14 14:01 . 2009-09-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8(2)

2009-09-14 14:00 . 2009-09-14 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-09-14 13:59 . 2009-09-07 17:24 -------- d-----w- c:\program files\ERUNT

2009-09-11 14:18 . 2004-08-10 11:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-09 20:09 . 2009-09-09 20:09 -------- d-----w- c:\documents and settings\User\Application Data\OnlineArmor

2009-09-09 20:08 . 2009-09-09 20:08 -------- d-----w- c:\program files\Tall Emu

2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Avira

2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-08 10:35 . 2009-05-06 13:08 -------- d-----w- c:\program files\Java

2009-09-05 00:08 . 2009-09-05 00:07 -------- d-----w- c:\documents and settings\User\Application Data\HpUpdate

2009-09-05 00:08 . 2006-07-21 17:27 -------- d-----w- c:\program files\Hewlett-Packard

2009-09-05 00:07 . 2006-07-21 17:28 -------- d-----w- c:\program files\HP

2009-09-04 21:03 . 2004-08-10 11:51 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-02 18:03 . 2009-09-02 18:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2009-09-02 12:40 . 2006-07-18 21:02 -------- d-----w- c:\program files\Dell

2009-08-29 08:08 . 2004-08-10 11:51 916480 ------w- c:\windows\system32\wininet.dll

2009-08-27 07:57 . 2009-08-27 07:57 351248 ----a-w- c:\windows\system32\FTBSaver.scr

2009-08-26 08:00 . 2004-08-10 11:51 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-20 14:09 . 2009-08-20 14:09 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-06 18:24 . 2004-08-10 12:02 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 18:24 . 2004-08-10 12:02 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 18:24 . 2004-08-10 12:02 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 18:24 . 2004-08-10 12:02 53472 ------w- c:\windows\system32\wuauclt.exe

2009-08-06 18:24 . 2004-08-10 11:50 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 18:23 . 2004-08-10 12:02 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 18:23 . 2007-08-16 07:25 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 18:23 . 2007-08-16 07:25 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 18:23 . 2004-08-10 12:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 19:44 . 2004-08-10 11:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2004-08-03 21:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-07-31 14:23 . 2008-12-18 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-06-29 18:43 . 2009-06-29 18:44 774144 ----a-w- c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-E49A-20FD87FD6E8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]

"EPSON Stylus COLOR 580"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE" [2001-09-13 220672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [09/09/2009 20:08 200784]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [09/09/2009 20:08 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [09/09/2009 20:08 29776]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/09/2009 11:14 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [09/09/2009 20:08 362184]

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [09/09/2009 20:08 3142344]

S2 gupdate1c9bdb2175ddae8;Google Update Service (gupdate1c9bdb2175ddae8);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 10:08 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15/10/2009 16:21 38224]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-10-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-10-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-19 20:53]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 10:08]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 10:08]

2009-10-28 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2006-07-21 04:55]

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.myheritage.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://search.myheritage.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR

IE: {{F313D2F6-B79E-4654-BC77-D14C93FC8947} - c:\program files\boylesportspokercomMPP\MPPoker.exe

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-28 22:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1396)

c:\windows\system32\WININET.dll

c:\program files\Tall Emu\Online Armor\OAwatch.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-10-28 22:35

ComboFix-quarantined-files.txt 2009-10-28 22:35

ComboFix2.txt 2009-10-23 00:32

Pre-Run: 9,026,252,800 bytes free

Post-Run: 9,106,616,320 bytes free

- - End Of File - - CDA28E2722F1B7859AD21D1BF4D8278C


OK, thanks. It stopped just before the dump5bbc.tmp and the dump5f27.tmp, but these files are now deleted. Yesterday it stopped at pagefile.sys and updatefix.log, which are located close together in C: (when I click on hard drive C:).

Today I noticed on my firewall (Online Armor) an active connection to the remote address "www.paypal.co.nz:443".

I only came to this site, and I don't use PayPal...


OK,

A couple of suggestions to try:

Make sure that all of the following files are excluded/trusted by Online Armor:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Also, it would be a good idea to run chkdsk on your hard drive.


This topic is now closed to further replies.