Problem at Bootup - Attempted entry to unknown IP


G'day. I trust I have everything for you to solve this problem. I have included a snap of my Firewall Log so that the problem can be shown to you.

Malwarebytes' Anti-Malware PRO Version Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4150

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

28/05/2010 12:17:42 PM

mbam-log-2010-05-28 (12-17-42).txt

Scan type: Quick scan

Objects scanned: 150410

Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log File

DDS (Ver_10-03-17.01) - NTFSx86

Run by Stephen D Beakey at 12:38:18.75 on Fri 28/05/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3583.2774 [GMT 10:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Privatefirewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Stardock\SDMCP.exe

svchost.exe

C:\Program Files\BrigSoft\AtomicClockService\PCAtomicServ.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\imapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Privacyware\Privatefirewall 7.0\pfgui.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

svchost.exe

D:\Stardock\ObjectDock\ObjectDock.exe

C:\PROGRA~1\DeskMates\Manager.exe

C:\PROGRA~1\DeskMates\Sprite.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

D:\Wallpaper Master\Wallpaper.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

D:\Softany\Monitor Control\MonitorControl.exe

D:\Stardock\CursorFX\CursorFX.exe

D:\Oregon Scientific\Weather OS\Weather OS.exe

D:\Sharp World Clock\Sharp World Clock.exe

D:\Active Desktop Calendar\ADC.exe

D:\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe

C:\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Bar =

uSearch Page =

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Stephen D Beakey @ Possum

mSearch Page = hxxp://www.google.com

mStart Page = about:blank

mSearch Bar = hxxp://google.com.au

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\avg\avgls\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: UIHost=c:\windows\system32\logonuiX.exe

BHO: AutorunsDisabled - No File

BHO: Cdcovers Toolbar: {13e0b548-6fc9-47e9-9874-470915f46548} - c:\program files\cdcovers\tbCdc0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\avg\avgls\avgssie.dll

BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - d:\flashcapture\fcbho.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\avg\avgls\toolbar\IEToolbar.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\dapieloader.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - d:\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll

TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - d:\avg\avgls\toolbar\IEToolbar.dll

TB: Cdcovers Toolbar: {13e0b548-6fc9-47e9-9874-470915f46548} - c:\program files\cdcovers\tbCdc0.dll

TB: TerraTec Home Cinema: {ad6e6555-fb2c-47d4-8339-3e2965509877} - c:\progra~1\terratec\terratec home cinema\ThcDeskBand.dll

TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll

TB: {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - No File

TB: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll

EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll

mRun: [startupDelayer] "d:\startup delayer\Startup Launcher.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\pfgui.exe

mRun: [bootSkin Startup Jobs] "d:\stardock\wincustomize\bootskin\bootskin.exe" /StartupJobs

uPolicies-explorer: EditLevel = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

uPolicies-explorer: ForceCopyAclwithFile = 1 (0x1)

uPolicies-explorer: NoFavoritesMenu = 1 (0x1)

uPolicies-explorer: NoSMMyDocs = 1 (0x1)

uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoActiveDesktop = 00000000

uPolicies-explorer: HideClock = 0 (0x0)

mPolicies-explorer: NoFavoritesMenu = 1 (0x1)

mPolicies-explorer: NoSMMyDocs = 1 (0x1)

mPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)

mPolicies-explorer: NoSMMyPictures = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\avira\antivir desktop\avsda.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\update

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\avg\avgls\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll

Notify: WBSrv - d:\stardock\window~1\wbsrv.dll

AppInit_DLLs: wbsys.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - d:\stardock\iconpackager\iprepair.dll

SSODL: EnhancedDialog - {6D972050-A934-44D7-AC67-7C9E0B264220} - d:\stardock\enhanceddialog\enhdlginit.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\mcpcore.dll

STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - Stardock Vista ControlPanel Extension

STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - StardockDreamController

STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - d:\stardock\objectdock\ODMenu.dll

SEH: AssociateThis: {a7040f42-7dc2-473c-b01d-105c130706c5} - Associate This Shell Extension

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: ExecuteHooker Class: {569dac0f-2791-46ab-8efc-a54b77c04c20} - d:\dvd programmes\dvd ghost\ExecuteHooker.dll

SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - d:\dvdpro~1\dvdreg~1\DVDShell.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stephe~1\applic~1\mozilla\firefox\profiles\aqtf7q1m.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13701&l=dis&q=

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\stephen d beakey\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\documents and settings\stephen d beakey\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: d:\browsers\mozilla firefox\plugins\npwachk.dll

FF - plugin: d:\browsers\opera\program\plugins\npdsplay.dll

FF - plugin: d:\browsers\opera\program\plugins\nppl3260.dll

FF - plugin: d:\browsers\opera\program\plugins\nppl3260.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin2.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin3.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin4.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin5.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin6.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin7.dll

FF - plugin: d:\browsers\opera\program\plugins\nprpjplug.dll

FF - plugin: d:\browsers\opera\program\plugins\nprpjplug.dll

FF - plugin: d:\browsers\opera\program\plugins\NPSWF32.dll

FF - plugin: d:\browsers\opera\program\plugins\npwmsdrm.dll

FF - plugin: d:\picasa35\npPicasa2.dll

FF - plugin: d:\picasa35\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\browsers\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\browsers\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

d:\browsers\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\browsers\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\browsers\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\browsers\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\browsers\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\browsers\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\browsers\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\browsers\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\browsers\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\browsers\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\browsers\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-10-11 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-10-11 15856]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-26 11608]

R1 AvgLdx86;AVG LinkScanner


Hello,

And welcome. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)


Elise, thank you for the reply. PLEASE be advised that this thread could extend over two or more replies, as it has been indicated that the reply is too long. Sorry about that. Hereunder, in this first reply, are the new logs for DDS and GMER that you have requested, together with an explanation of the problem and steps taken:

The problem I am experiencing is that at every boot svchost.exe is invoked in an attempt to connect to IP Address 239.255.255.250 Port 1900. I have entered this address into Firefox and it leads to Ask.com (a Search Engine I have never used) with one item displayed - http://www.leechermods.com/2007_01_archive.htm (a site I have never visited). My Firewall programme is presently blocking access to this site; however, I would like to prevent this activity.

I have searched my Registry with the parameters: 239.255 - leecher - ask.com and anything else I could think of, with the only result coming from Ask.com, which is the preferred search engine for Download Accelerator Plus, a programme which I do not use as files downloaded by it are corrupt or have an 'unexpected end to the archive'.

I have scanned my drives with Malwarebytes Anti-Malware Pro, Avira Anti-virus Premium (with services, processes, and executables disabled by one when scanning with the other) and ESET Online Scanner. All came back with negative results. I have used SUPERAntiSpyware to scan for malware threats, with two false positives being recorded. However, as a consequence I quarantined each entry and will re-establish them if and when this problem is solved.

I did observe that after using GMER this time around my system refused to shut down, forcing a cold boot. When I checked my Firewall Log after the boot I found that the entries to the above IP Address were missing, but they came back after another re-boot.

Attach.zip and Snap1 are attached to this reply.

DDS Log (29.05.10)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Stephen D Beakey at 10:34:09.10 on Sat 29/05/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3583.2756 [GMT 10:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Privatefirewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Common Files\Stardock\SDMCP.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\BrigSoft\AtomicClockService\PCAtomicServ.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\imapi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Privacyware\Privatefirewall 7.0\pfgui.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wuauclt.exe

svchost.exe

D:\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

D:\Wallpaper Master\Wallpaper.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

D:\Softany\Monitor Control\MonitorControl.exe

D:\Stardock\CursorFX\CursorFX.exe

D:\Oregon Scientific\Weather OS\Weather OS.exe

D:\Sharp World Clock\Sharp World Clock.exe

D:\Stardock\Wincustomize\Bootskin\bootskin.exe

D:\Active Desktop Calendar\ADC.exe

D:\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe

C:\Downloads\M'Bytes files\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Bar =

uSearch Page =

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Stephen D Beakey @ Possum

mSearch Page = hxxp://www.google.com

mStart Page = about:blank

mSearch Bar = hxxp://google.com.au

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\avg\avgls\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: UIHost=c:\windows\system32\logonuiX.exe

BHO: AutorunsDisabled - No File

BHO: Cdcovers Toolbar: {13e0b548-6fc9-47e9-9874-470915f46548} - c:\program files\cdcovers\tbCdc0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\avg\avgls\avgssie.dll

BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - d:\flashcapture\fcbho.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\avg\avgls\toolbar\IEToolbar.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\dapieloader.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - d:\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll

TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - d:\avg\avgls\toolbar\IEToolbar.dll

TB: Cdcovers Toolbar: {13e0b548-6fc9-47e9-9874-470915f46548} - c:\program files\cdcovers\tbCdc0.dll

TB: TerraTec Home Cinema: {ad6e6555-fb2c-47d4-8339-3e2965509877} - c:\progra~1\terratec\terratec home cinema\ThcDeskBand.dll

TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll

TB: {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - No File

TB: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tbliv0.dll

EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll

mRun: [startupDelayer] "d:\startup delayer\Startup Launcher.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\pfgui.exe

mRun: [bootSkin Startup Jobs] "d:\stardock\wincustomize\bootskin\bootskin.exe" /StartupJobs

uPolicies-explorer: EditLevel = 0 (0x0)

uPolicies-explorer: NoCommonGroups = 0 (0x0)

uPolicies-explorer: ForceCopyAclwithFile = 1 (0x1)

uPolicies-explorer: NoFavoritesMenu = 1 (0x1)

uPolicies-explorer: NoSMMyDocs = 1 (0x1)

uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoActiveDesktop = 00000000

uPolicies-explorer: HideClock = 0 (0x0)

mPolicies-explorer: NoFavoritesMenu = 1 (0x1)

mPolicies-explorer: NoSMMyDocs = 1 (0x1)

mPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)

mPolicies-explorer: NoSMMyPictures = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\avira\antivir desktop\avsda.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\update

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\avg\avgls\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll

Notify: WBSrv - d:\stardock\window~1\wbsrv.dll

AppInit_DLLs: wbsys.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - d:\stardock\iconpackager\iprepair.dll

SSODL: EnhancedDialog - {6D972050-A934-44D7-AC67-7C9E0B264220} - d:\stardock\enhanceddialog\enhdlginit.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\mcpcore.dll

STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - Stardock Vista ControlPanel Extension

STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - StardockDreamController

STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - d:\stardock\objectdock\ODMenu.dll

SEH: AssociateThis: {a7040f42-7dc2-473c-b01d-105c130706c5} - Associate This Shell Extension

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: ExecuteHooker Class: {569dac0f-2791-46ab-8efc-a54b77c04c20} - d:\dvd programmes\dvd ghost\ExecuteHooker.dll

SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - d:\dvdpro~1\dvdreg~1\DVDShell.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stephe~1\applic~1\mozilla\firefox\profiles\aqtf7q1m.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=13701&l=dis&q=

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\stephen d beakey\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\documents and settings\stephen d beakey\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: d:\browsers\mozilla firefox\plugins\npwachk.dll

FF - plugin: d:\browsers\opera\program\plugins\npdsplay.dll

FF - plugin: d:\browsers\opera\program\plugins\nppl3260.dll

FF - plugin: d:\browsers\opera\program\plugins\nppl3260.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin2.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin3.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin4.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin5.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin6.dll

FF - plugin: d:\browsers\opera\program\plugins\npqtplugin7.dll

FF - plugin: d:\browsers\opera\program\plugins\nprpjplug.dll

FF - plugin: d:\browsers\opera\program\plugins\nprpjplug.dll

FF - plugin: d:\browsers\opera\program\plugins\NPSWF32.dll

FF - plugin: d:\browsers\opera\program\plugins\npwmsdrm.dll

FF - plugin: d:\picasa35\npPicasa2.dll

FF - plugin: d:\picasa35\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\browsers\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\browsers\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

d:\browsers\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\browsers\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\browsers\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\browsers\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\browsers\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\browsers\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\browsers\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\browsers\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\browsers\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\browsers\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\browsers\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\browsers\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\browsers\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-10-11 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-10-11 15856]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-26 11608]

R1 AvgLdx86;AVG LinkScanner


Second Post

OTL Log

OTL logfile created on: 29/05/2010 11:14:47 AM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Downloads\M'Bytes files

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 156.24 Gb Total Space | 119.07 Gb Free Space | 76.21% Space Free | Partition Type: NTFS

Drive D: | 309.52 Gb Total Space | 269.38 Gb Free Space | 87.03% Space Free | Partition Type: NTFS

Drive E: | 232.88 Gb Total Space | 151.37 Gb Free Space | 65.00% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 149.05 Gb Total Space | 61.97 Gb Free Space | 41.58% Space Free | Partition Type: NTFS

Drive H: | 465.76 Gb Total Space | 176.83 Gb Free Space | 37.97% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Computer Name: POSSUM

Current User Name: Stephen D Beakey

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/29 08:56:55 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Downloads\M'Bytes files\OTL.exe

PRC - [2010/05/26 09:33:54 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2010/05/13 12:54:56 | 000,357,000 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe

PRC - [2010/05/13 12:54:54 | 002,445,840 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfgui.exe

PRC - [2010/04/20 13:09:49 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2010/04/20 13:09:49 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

PRC - [2010/04/20 13:09:49 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/29 11:12:57 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/03/29 11:12:57 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2010/03/29 11:12:56 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/03/25 08:32:33 | 004,069,232 | ---- | M] (Stardock) -- D:\Stardock\ObjectDock\ObjectDock.exe

PRC - [2010/01/30 15:25:42 | 000,654,848 | ---- | M] (Stardock Corporation) -- D:\Stardock\CursorFX\CursorFX.exe

PRC - [2009/12/25 08:28:16 | 000,650,240 | ---- | M] (James Garton) -- D:\Wallpaper Master\Wallpaper.exe

PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/10/23 19:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe

PRC - [2009/10/19 23:26:48 | 000,625,152 | ---- | M] (Oregon Scientific) -- D:\Oregon Scientific\Weather OS\Weather OS.exe

PRC - [2009/10/14 09:56:34 | 001,231,872 | ---- | M] () -- D:\Softany\Monitor Control\MonitorControl.exe

PRC - [2009/07/08 18:02:24 | 002,684,200 | ---- | M] (CyberLink Corp.) -- D:\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe

PRC - [2009/04/21 15:45:14 | 000,212,992 | ---- | M] () -- C:\Program Files\DeskMates\Sprite.exe

PRC - [2008/08/04 16:01:37 | 000,143,360 | ---- | M] () -- C:\Program Files\DeskMates\Manager.exe

PRC - [2008/05/02 14:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe

PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/01 17:24:07 | 003,723,264 | ---- | M] (XemiComputers ltd.) -- D:\Active Desktop Calendar\ADC.exe

PRC - [2007/10/23 18:55:56 | 001,671,168 | ---- | M] (Johannes Wallroth, www.programming.de) -- D:\Sharp World Clock\Sharp World Clock.exe

PRC - [2007/08/07 13:23:06 | 000,225,280 | ---- | M] (Opdicom Pty. Ltd.) -- C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe

PRC - [2007/07/07 18:50:32 | 000,344,064 | ---- | M] (Brigsoft) -- C:\Program Files\BrigSoft\AtomicClockService\PCAtomicServ.exe

PRC - [2005/05/10 17:31:22 | 000,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\sdmcp.exe

========== Modules (SafeList) ==========

MOD - [2010/05/29 08:56:55 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Downloads\M'Bytes files\OTL.exe

MOD - [2010/04/28 12:47:10 | 000,571,973 | ---- | M] (Stardock Corporation) -- D:\Stardock\WindowBlinds\wblind.dll

MOD - [2010/03/25 04:18:57 | 000,676,864 | ---- | M] () -- D:\Stardock\ObjectDock\DockShellHook.dll

MOD - [2009/06/26 01:39:48 | 000,042,672 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll

MOD - [2009/06/24 02:23:16 | 000,070,960 | ---- | M] (Stardock.net, Inc) -- D:\Stardock\IconPackager\iprepair.dll

MOD - [2008/08/04 16:01:11 | 000,028,672 | ---- | M] () -- C:\Program Files\DeskMates\PaintMgr.dll

MOD - [2008/07/20 19:35:20 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- D:\Stardock\WindowBlinds\wbhelp.dll

MOD - [2008/05/19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll

MOD - [2008/05/02 14:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll

MOD - [2008/03/27 13:15:48 | 000,049,152 | ---- | M] () -- D:\Active Desktop Calendar\MouseHook.dll

MOD - [2008/02/02 04:46:20 | 000,035,144 | ---- | M] ( ) -- D:\Stardock\CursorFX\CurXP0.dll

MOD - [2006/05/18 14:01:28 | 000,032,768 | ---- | M] (Stardock Corporation) -- D:\Stardock\EnhancedDialog\enhdlginit.dll

MOD - [2004/03/08 01:16:06 | 000,100,080 | ---- | M] (Microsoft Corporation) -- D:\MindSoft\MindSoft Utilities 2008\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (0121221240290827mcinstcleanup) McAfee Application Installer Cleanup (0121221240290827)

SRV - [2010/05/13 12:54:56 | 000,357,000 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/20 13:09:49 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2010/04/20 13:09:49 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2010/04/20 13:09:49 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/03/29 11:12:57 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/02/21 19:53:15 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)

SRV - [2010/02/21 19:53:14 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)

SRV - [2010/01/21 10:33:10 | 000,947,464 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- D:\PerfectSpeed20\Rx2Engine.exe -- (Rx2Engine)

SRV - [2010/01/21 10:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- D:\PerfectSpeed20\Rx2Agent.exe -- (Rx2Agent)

SRV - [2009/12/16 10:21:36 | 000,890,208 | ---- | M] () [Disabled | Stopped] -- D:\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe -- (Ashampoo Defrag Service)

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/10/23 19:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2009/09/25 23:32:14 | 000,188,416 | ---- | M] () [Disabled | Stopped] -- D:\SoundTaxi Suite\DVDJoker\DVDJService.exe -- (DVDJService)

SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/09/17 15:57:14 | 000,335,872 | ---- | M] () [Disabled | Stopped] -- D:\SoundTaxi Suite\SoundTaxi Media Suite\STSService.exe -- (STSService)

SRV - [2009/09/16 18:32:46 | 000,180,224 | ---- | M] () [Disabled | Stopped] -- D:\SoundTaxi Suite\RipTiger\ElevatorService.exe -- (ElevatorService)

SRV - [2009/09/16 18:30:18 | 000,335,872 | ---- | M] () [Disabled | Stopped] -- D:\SoundTaxi Suite\GetRadio\RGService.exe -- (RGService)

SRV - [2009/09/16 18:27:26 | 000,335,872 | ---- | M] () [Disabled | Stopped] -- D:\SoundTaxi Suite\TuneGet\TGService.exe -- (TGService)

SRV - [2009/09/16 16:54:44 | 000,245,760 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)

SRV - [2009/07/15 10:44:18 | 000,749,912 | ---- | M] () [Disabled | Stopped] -- D:\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe -- (AASW2_Service)

SRV - [2009/07/01 07:18:20 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- D:\AVG\AVGLS\avgwdsvc.exe -- (avg8wd)

SRV - [2009/05/08 17:14:28 | 001,493,528 | ---- | M] (Nero AG) [Disabled | Stopped] -- D:\Nero 9\Nero 9\InCD\InCDSrv.exe -- (InCDSrv)

SRV - [2009/05/08 17:14:28 | 000,109,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- D:\Nero 9\Nero 9\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)

SRV - [2008/10/19 14:30:02 | 000,222,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)

SRV - [2007/11/07 06:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/07/07 18:50:32 | 000,344,064 | ---- | M] (Brigsoft) [Auto | Running] -- C:\Program Files\BrigSoft\AtomicClockService\PCAtomicServ.exe -- (BS_PCAtomicService)

SRV - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

========== Driver Services (SafeList) ==========

DRV - [2010/05/29 11:09:00 | 000,162,432 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)

DRV - [2010/05/26 09:33:54 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/30 14:12:10 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/04/19 15:23:26 | 000,117,584 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)

DRV - [2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010/04/02 09:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/30 15:56:23] [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})

DRV - [2010/03/31 11:58:04 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2010/03/31 11:58:04 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2010/03/29 11:12:57 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/03/29 11:12:57 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/03/22 16:30:22 | 000,222,672 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2010/02/26 10:44:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/02/26 10:39:47 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/02/19 07:21:27 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/02/19 07:21:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2010/01/21 14:25:44 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2010/01/21 14:25:32 | 000,027,752 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)

DRV - [2010/01/21 14:25:32 | 000,027,752 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)

DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009/12/18 08:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009/11/11 17:23:46 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2009/10/21 02:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2009/10/21 01:04:34 | 000,041,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)

DRV - [2009/09/16 18:06:48 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)

DRV - [2009/08/21 09:33:52 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2009/07/15 12:03:56 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrmRAudio.sys -- (DrmRAudio)

DRV - [2009/07/01 07:18:19 | 000,253,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/06/17 22:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2009/06/02 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)

DRV - [2009/06/02 01:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)

DRV - [2009/06/02 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)

DRV - [2009/05/23 01:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/05/09 20:40:20 | 000,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/03/27 12:55:32 | 000,234,304 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys -- (SCRCAMHRDRV)

DRV - [2009/03/02 15:00:46 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)

DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AVFilter.sys -- (AVFilter)

DRV - [2009/01/12 18:25:38 | 000,005,504 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2008/12/31 18:08:36 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CLBStor.sys -- (CLBStor)

DRV - [2008/12/31 18:08:28 | 000,161,576 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CLBUDF.sys -- (CLBUDF)

DRV - [2008/08/05 22:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/07/18 10:00:53 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2008/07/18 10:00:53 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2008/07/18 10:00:39 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 22:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/14 22:00:00 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/12/20 20:05:02 | 000,554,240 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700)

DRV - [2007/12/17 19:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007/09/06 20:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\dvdmmg.sys -- (dvdmmg)

DRV - [2007/07/11 19:06:20 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)

DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)

DRV - [2007/02/22 11:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- D:\Astra32\astra32.sys -- (ASTRA32)

DRV - [2006/08/23 16:54:22 | 000,042,752 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2006/02/07 21:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys -- (JGOGO)

DRV - [2006/01/04 17:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005/07/13 10:20:20 | 000,298,634 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt930b.sys -- (SQTECH930B)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [1999/09/10 21:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\altavista, = http://www.altavista.com/q?q=%s

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\aol, = http://search.aol.com/dirsearch.adp?query=%s

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\google, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\msn, = http://search.msn.com/results.asp?q=%s

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\yahoo, = http://search.yahoo.com/bin/search?p=%s

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\URLSearchHook: *{13e0b548-6fc9-47e9-9874-470915f46548} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\AVG\AVGLS\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GoogleFeed.net"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5

FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1

FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.1.2

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3

FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:0.4.5

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}:0.6.5

FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10

FF - prefs.js..extensions.enabledItems: glowygreen-ff3-30@glowplug.bitasylum.net:3.6.1

FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10

FF - prefs.js..extensions.enabledItems: {5b35cb30-16b4-11de-8c30-0800200c9a66}:3.6.19.02.10

FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10

FF - prefs.js..keyword.URL: "http://www.ask.com/web?o=13701&l=dis&q="

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/18 00:44:36 | 000,000,000 | --SD | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Browsers\Mozilla Firefox\components [2010/05/16 19:10:44 | 000,000,000 | R--D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Browsers\Mozilla Firefox\plugins [2010/05/01 13:14:26 | 000,000,000 | R--D | M]

FF - HKLM\software\mozilla\Netscape Navigator 9.0b2\extensions\\Components: D:\Browsers\Netscape\Navigator 9\components [2010/05/01 10:41:39 | 000,000,000 | R--D | M]

FF - HKLM\software\mozilla\Netscape Navigator 9.0b2\extensions\\Plugins: D:\Browsers\Netscape\Navigator 9\plugins [2010/05/01 10:41:39 | 000,000,000 | R--D | M]

[2009/07/01 09:54:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Extensions

[2010/05/28 16:12:41 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions

[2010/05/08 09:17:47 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010/04/28 16:38:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/16 11:46:35 | 000,000,000 | R--D | M] (Blue Fox) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}

[2010/02/16 11:46:36 | 000,000,000 | R--D | M] (Organize Status Bar) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}

[2010/05/28 16:12:37 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}

[2010/05/28 16:10:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2010/02/26 08:06:34 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}

[2010/05/28 16:10:09 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}

[2010/05/13 09:51:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/02/16 11:46:36 | 000,000,000 | R--D | M] (livetvbar Toolbar) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}

[2010/03/02 15:10:53 | 000,000,000 | ---D | M] (AllYouLike Toolbar) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{b1dab52c-acc8-4faa-94dc-d30f85f55a4b}

[2010/05/01 11:54:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/02/16 11:46:36 | 000,000,000 | R--D | M] (Green Fox) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}

[2010/05/22 09:45:27 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

[2010/02/16 11:46:36 | 000,000,000 | R--D | M] () -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

[2010/02/16 11:46:36 | 000,000,000 | R--D | M] (BlockSite) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668add}

[2010/02/16 11:46:37 | 000,000,000 | R--D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/02/23 18:10:37 | 000,000,000 | R--D | M] (Pink Fox) -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}

[2010/05/22 09:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\firefox@ghostery.com

[2010/02/16 11:46:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\firefox@tvunetworks.com

[2010/02/24 17:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\foxyproxy@eric.h.jung

[2010/03/23 21:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\glowygreen-ff3-30@glowplug.bitasylum.net

[2009/11/19 10:37:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\optout@dubfire.net

[2010/04/14 09:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\extensions\personas@christopher.beard

[2009/11/01 23:02:18 | 000,002,142 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\searchplugins\bmrk-file-host-search.xml

[2009/11/19 10:34:49 | 000,000,059 | -HS- | M] () -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\searchplugins\Desktop.ini

[2009/11/19 10:34:49 | 000,027,702 | -HS- | M] () -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\searchplugins\FolderMarker.ico

[2009/11/14 18:40:48 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\searchplugins\GoogleFeed.xml

[2009/10/01 08:15:42 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\Application Data\Mozilla\Firefox\Profiles\aqtf7q1m.default\searchplugins\mozilla-add-ons.xml

O1 HOSTS File: ([2010/05/24 17:58:03 | 000,395,891 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13672 more lines...

O2 - BHO: (Cdcovers Toolbar) - {13e0b548-6fc9-47e9-9874-470915f46548} - C:\Program Files\Cdcovers\tbCdc0.dll (Conduit Ltd.)

O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (BHO Class) - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\FlashCapture\FCBHO.dll (Dreamingsoft, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\AVG\AVGLS\Toolbar\IEToolbar.dll ()

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Cdcovers Toolbar) - {13e0b548-6fc9-47e9-9874-470915f46548} - C:\Program Files\Cdcovers\tbCdc0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\AVG\AVGLS\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\Toolbar\ShellBrowser: (livetvbar Toolbar) - {AD55C869-668E-457C-B270-0CFB2F61116F} - C:\Program Files\livetvbar\tbliv0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\Toolbar\WebBrowser: (Cdcovers Toolbar) - {13E0B548-6FC9-47E9-9874-470915F46548} - C:\Program Files\Cdcovers\tbCdc0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\Toolbar\WebBrowser: (livetvbar Toolbar) - {AD55C869-668E-457C-B270-0CFB2F61116F} - C:\Program Files\livetvbar\tbliv0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\Toolbar\WebBrowser: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)

O3 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\AVG\AVGLS\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\pfgui.exe (Privacyware/PWI, Inc.)

O4 - HKLM..\Run: [startupDelayer] D:\Startup Delayer\Startup Launcher.exe (r2 studios)

O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FolderMarker.ico ()

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\FolderMarker.ico ()

O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\FolderMarker.ico ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Policies\Microsoft\Internet Explorer\PhotoSupport present

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 1

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()

O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O15 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-789336058-1343024091-725345543-1003\..Trusted Domains: microsoft.com ([update] https in Trusted sites)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)

O20 - Winlogon\Notify\WBSrv: DllName - D:\Stardock\WINDOW~1\wbsrv.dll - D:\Stardock\WindowBlinds\WbSrv.dll (Stardock Corporation)

O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\mcpcore.dll (Stardock)

O21 - SSODL: EnhancedDialog - {6D972050-A934-44D7-AC67-7C9E0B264220} - D:\Stardock\EnhancedDialog\enhdlginit.dll (Stardock Corporation)

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - D:\Stardock\IconPackager\iprepair.dll (Stardock.net, Inc)

O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - D:\Stardock\ObjectDock\ODMenu.dll (Stardock)

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Key error. File not found

O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Key error. File not found

O24 - Desktop Components:0 () -

O24 - Desktop WallPaper: C:\Documents and Settings\Stephen D Beakey\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephen D Beakey\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp

O28 - HKLM ShellExecuteHooks: {569DAC0F-2791-46ab-8EFC-A54B77C04C20} - D:\DVD Programmes\DVD Ghost\ExecuteHooker.dll (BlazeVideo Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\DVD Programmes\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

O28 - HKLM ShellExecuteHooks: {A7040F42-7DC2-473C-B01D-105C130706C5} - Reg Error: Value error. File not found

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/02 10:45:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/10/25 15:12:38 | 000,000,000 | --SD | M] - D:\AutoMz -- [ NTFS ]

O32 - AutoRun File - [2009/11/01 09:40:00 | 000,000,000 | --SD | M] - D:\Autoruns -- [ NTFS ]

O32 - AutoRun File - [2010/05/23 08:08:14 | 000,000,000 | R--D | M] - H:\Autoruns -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 23:31:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Stephen D Beakey\Recent

[2010/05/27 22:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/27 11:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/05/23 23:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen D Beakey\Local Settings\Application Data\Privatefirewall

[2010/05/23 23:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware

[2010/05/23 23:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware

[2010/05/23 18:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software

[2010/05/14 13:51:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax

[2010/05/14 13:51:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax

[2010/05/14 12:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\SkypeMate

[2010/05/14 12:56:37 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll

[2010/05/02 11:43:56 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll

[2010/05/01 16:29:56 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll

[2010/05/01 15:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen D Beakey\Application Data\DeviceDoctorSoftware

[2010/05/01 15:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Device Doctor

[2010/05/01 13:14:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/05/01 13:14:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/05/01 13:14:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/05/01 13:14:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/05/01 13:14:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/04/30 14:19:54 | 002,083,312 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll

[2010/04/30 14:19:54 | 000,678,384 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll

[2010/04/30 14:19:54 | 000,559,600 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll

[2010/04/30 14:19:54 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll

[2010/04/30 14:19:54 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll

[2010/04/30 14:19:54 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll

[2010/04/30 14:19:54 | 000,125,424 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe

[2010/04/30 14:19:54 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe

[2010/04/30 14:19:54 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll

[2010/04/30 14:19:54 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe

[2010/04/30 14:19:54 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe

[2010/04/30 14:19:54 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe

[2010/04/30 14:19:54 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys

[2010/04/30 14:19:54 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys

[2010/04/30 14:12:10 | 000,018,816 | ---- | C] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys

[2010/04/29 17:51:27 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll

[2009/06/25 16:53:21 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll

[2009/06/25 16:53:20 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll

[2009/06/25 16:53:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll

[2009/06/25 16:53:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll

[2000/07/13 23:43:30 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.dll

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/29 11:13:46 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2010/05/29 11:11:24 | 002,787,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonuiX.exe

[2010/05/29 11:09:53 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini

[2010/05/29 11:09:00 | 000,162,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys

[2010/05/29 11:08:18 | 000,003,447 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/29 11:06:11 | 000,001,452 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/29 11:05:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/05/29 11:05:34 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/05/29 11:05:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/29 11:05:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/29 10:28:20 | 023,592,960 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\ntuser.dat

[2010/05/29 10:28:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stephen D Beakey\ntuser.ini

[2010/05/28 23:31:50 | 024,001,530 | -H-- | M] () -- C:\Documents and Settings\Stephen D Beakey\Local Settings\Application Data\IconCache.db

[2010/05/28 12:19:58 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\defogger_reenable

[2010/05/24 17:58:03 | 000,395,891 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/05/24 17:22:59 | 000,393,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100524-175803.backup

[2010/05/24 11:40:39 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll

[2010/05/24 09:44:56 | 000,004,214 | ---- | M] () -- C:\WINDOWS\zPCAtomicServ.ini

[2010/05/24 01:07:41 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\Wise Registry Cleaner Schedule Task.job

[2010/05/24 00:01:15 | 000,000,012 | ---- | M] () -- C:\WINDOWS\zPCAtomicServ.bin

[2010/05/23 23:25:17 | 000,000,494 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/05/23 16:36:19 | 023,199,744 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\ntuser.bak

[2010/05/23 16:33:33 | 000,460,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/23 16:33:33 | 000,077,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/15 09:33:16 | 000,393,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100524-172259.backup

[2010/05/09 13:17:38 | 000,393,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100515-093316.backup

[2010/05/09 13:16:23 | 000,393,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-131738.backup

[2010/05/09 12:28:27 | 000,006,598 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\Desktop\New OpenDocument Spreadsheet.ods

[2010/05/09 10:23:11 | 000,393,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-131623.backup

[2010/05/08 15:21:58 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\.recently-used.xbel

[2010/05/08 14:06:46 | 000,335,592 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/08 14:03:30 | 001,016,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/02 11:55:12 | 000,000,115 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.SYL

[2010/05/01 18:20:45 | 000,711,168 | ---- | M] () -- C:\WINDOWS\is-S7V82.exe

[2010/05/01 18:20:45 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-S7V82.msg

[2010/05/01 18:20:45 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-S7V82.lst

[2010/05/01 17:54:50 | 000,711,168 | ---- | M] () -- C:\WINDOWS\is-105LB.exe

[2010/05/01 17:54:50 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-105LB.msg

[2010/05/01 17:54:50 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-105LB.lst

[2010/05/01 17:18:56 | 000,393,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100509-102311.backup

[2010/05/01 17:16:10 | 000,392,543 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100501-171856.backup

[2010/05/01 16:34:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/05/01 13:51:34 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Stephen D Beakey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/01 13:14:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/05/01 13:14:20 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/05/01 13:14:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/05/01 13:14:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/05/01 13:14:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/05/01 12:38:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/01 12:38:11 | 000,000,212 | -HS- | M] () -- C:\boot.ini

[2010/04/30 14:12:10 | 000,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\drivers\dvd43llh.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/29 11:13:46 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync

[2010/05/28 12:19:51 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Stephen D Beakey\defogger_reenable

[2010/05/24 01:07:13 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\Wise Registry Cleaner Schedule Task.job

[2010/05/23 17:48:39 | 000,003,188 | ---- | C] () -- C:\WINDOWS\System32\3D Waterfall Screensaver.html

[2010/05/23 17:48:38 | 009,322,496 | ---- | C] () -- C:\WINDOWS\System32\3D Waterfall Screensaver.scr

[2010/05/14 12:56:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\CameraFixer.exe

[2010/05/14 12:56:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe

[2010/05/09 12:28:27 | 000,006,598 | ---- | C] () -- C:\Documents and Settings\Stephen D Beakey\Desktop\New OpenDocument Spreadsheet.ods

[2010/05/08 15:21:58 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Stephen D Beakey\.recently-used.xbel

[2010/05/01 18:20:45 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-S7V82.exe

[2010/05/01 18:20:45 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-S7V82.msg

[2010/05/01 18:20:45 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-S7V82.lst

[2010/05/01 17:54:50 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-105LB.exe

[2010/05/01 17:54:50 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-105LB.msg

[2010/05/01 17:54:50 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-105LB.lst

[2010/05/01 16:34:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/03/23 17:40:03 | 000,001,383 | ---- | C] () -- C:\WINDOWS\{46578609-AD6D-4E69-AC8F-28B89C090F3B}.ini

[2010/03/23 17:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{46578609-AD6D-4E69-AC8F-28B89C090F3B}.ini

[2010/03/06 09:06:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\Calendar.INI

[2010/03/05 18:28:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Water Desktop.INI

[2010/03/05 18:27:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Menu.dll

[2010/02/18 19:00:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll

[2010/02/18 19:00:27 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2010/01/16 12:39:39 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys

[2009/12/27 11:29:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PIROSIKI.ini

[2009/12/23 11:54:23 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/12/23 11:52:51 | 000,027,054 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/12/17 18:43:51 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SCSIZUKU.INI

[2009/12/17 18:03:09 | 000,024,497 | ---- | C] () -- C:\WINDOWS\SWING.DLL

[2009/12/17 17:20:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\axss.ini

[2009/12/17 15:05:45 | 000,000,153 | ---- | C] () -- C:\WINDOWS\DOScrSvr.Ini

[2009/12/16 18:04:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini

[2009/12/04 09:10:07 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll

[2009/12/04 09:10:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll

[2009/12/04 09:10:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll

[2009/11/20 10:41:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Mpwinapppiobas69.dll

[2009/11/18 17:20:56 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini

[2009/11/18 08:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI

[2009/11/18 08:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI

[2009/11/18 08:28:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI

[2009/11/10 16:30:11 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\_WDYSZYG.sys

[2009/11/07 23:35:27 | 000,004,684 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/11/06 08:29:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009/10/25 21:53:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/10/10 20:46:37 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009/10/10 09:19:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\PwrUpCid.dll

[2009/10/08 07:41:06 | 000,001,608 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini

[2009/10/04 03:36:01 | 006,021,120 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll

[2009/10/02 15:23:59 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/10/02 15:23:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/09/24 14:42:17 | 000,015,346 | ---- | C] () -- C:\WINDOWS\930TwCfg.INI

[2009/09/24 14:42:15 | 000,298,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt930b.sys

[2009/09/24 14:42:14 | 000,024,966 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd930b.sys

[2009/08/07 10:56:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI

[2009/08/07 09:07:29 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000028.DLL

[2009/08/07 09:07:29 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000023.DLL

[2009/08/04 11:33:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI

[2009/07/26 21:59:36 | 000,001,123 | ---- | C] () -- C:\WINDOWS\extracdrip.ini

[2009/07/15 07:15:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\EQ3D.ini

[2009/07/11 17:50:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/07/11 17:50:54 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/07/11 17:50:39 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/07/11 17:50:38 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/07/11 17:49:27 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2009/06/25 16:53:25 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini

[2009/06/08 17:42:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter2.dll

[2009/06/08 16:01:52 | 000,002,196 | ---- | C] () -- C:\WINDOWS\coolmp3.ini

[2009/06/06 18:23:49 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\vidstub.sys

[2009/05/19 17:25:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI

[2009/04/26 09:24:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009/03/02 11:33:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/03/02 11:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008/09/17 12:12:48 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaReveal.dll

[2008/09/09 18:07:30 | 000,000,123 | ---- | C] () -- C:\WINDOWS\CerberusSecurityGuard.ini

[2008/07/09 18:32:40 | 000,000,426 | ---- | C] () -- C:\WINDOWS\{DD4639C8-9961-4D8A-B93D-5738D33B13D8}_WiseFW.ini

[2008/05/29 15:48:26 | 000,058,616 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll

[2008/05/06 13:49:32 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI

[2008/05/05 14:52:38 | 000,000,004 | ---- | C] () -- C:\WINDOWS\scanreg.ini

[2008/04/24 20:05:22 | 000,000,338 | ---- | C] () -- C:\WINDOWS\IpxViewr.INI

[2008/04/23 12:08:42 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Ssstudio.INI

[2008/04/21 13:18:15 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\BOOTBAK.INI

[2008/04/18 21:13:30 | 000,020,214 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/04/11 07:16:46 | 000,084,672 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB.DLL

[2008/04/07 14:16:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008/04/05 18:47:37 | 000,000,283 | ---- | C] () -- C:\WINDOWS\rest2.ini

[2008/03/30 11:48:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

[2008/03/29 04:42:06 | 000,015,398 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/03/28 10:27:54 | 000,000,173 | ---- | C] () -- C:\WINDOWS\LITERATI.INI

[2008/03/28 10:27:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\LITPLUS.INI

[2008/03/27 19:12:18 | 000,000,187 | ---- | C] () -- C:\WINDOWS\DVDXRestrictionFree.ini

[2008/03/27 18:59:32 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MFPRO98.INI

[2008/03/26 20:27:50 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll

[2008/03/26 20:27:47 | 009,105,408 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll

[2008/03/26 20:27:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dzcarrara.dll

[2008/03/26 20:27:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll

[2008/03/26 20:27:43 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\dz3delight.dll

[2008/03/26 20:27:41 | 006,131,712 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll

[2008/03/26 20:27:39 | 001,785,856 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll

[2008/03/24 12:12:50 | 000,005,385 | ---- | C] () -- C:\WINDOWS\ATM.INI

[2008/03/24 10:53:18 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI

[2008/03/24 10:53:04 | 000,084,672 | ---- | C] () -- C:\WINDOWS\PCDLIB.DLL

[2008/03/24 10:34:32 | 000,000,139 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008/03/24 10:34:20 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2008/03/23 17:49:48 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/03/23 15:26:26 | 000,052,490 | ---- | C] () -- C:\WINDOWS\DcArt32presets.ini

[2008/03/23 14:08:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS

[2008/03/23 14:02:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI

[2008/03/19 14:43:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008/03/19 10:40:14 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini

[2008/03/19 10:39:36 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll

[2008/03/18 13:46:34 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll

[2008/03/18 13:46:07 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/03/18 13:44:05 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\VistaUltm.dll

[2008/03/18 13:44:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Smab0.dll

[2008/03/18 12:21:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini

[2008/03/16 23:21:18 | 000,012,423 | ---- | C] () -- C:\WINDOWS\smartex.ini

[2008/03/16 22:31:35 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll

[2008/03/16 09:14:39 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/03/16 08:44:16 | 000,000,572 | ---- | C] () -- C:\WINDOWS\smrpro.INI

[2008/03/15 19:15:47 | 000,000,115 | ---- | C] () -- C:\WINDOWS\VMorpher.INI

[2008/03/15 19:14:49 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI

[2008/03/15 18:09:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\muangsys.dll

[2008/03/15 18:09:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\muadisp.dll

[2008/03/13 19:39:52 | 000,003,146 | ---- | C] () -- C:\WINDOWS\GWSFILTR.INI

[2008/03/13 19:39:52 | 000,000,360 | ---- | C] () -- C:\WINDOWS\GWSTXTR.INI

[2008/03/13 19:37:42 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI

[2008/03/13 19:34:13 | 000,009,068 | ---- | C] () -- C:\WINDOWS\gwspro30.INI

[2008/03/11 16:17:17 | 000,000,457 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2008/03/11 11:00:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SWPRODPB.INI

[2008/03/11 10:22:06 | 000,004,214 | ---- | C] () -- C:\WINDOWS\zPCAtomicServ.ini

[2008/03/11 09:00:33 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/03/11 09:00:33 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/03/10 16:01:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\cool.ini

[2008/03/10 15:57:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2008/03/10 13:35:31 | 000,016,376 | ---- | C] () -- C:\WINDOWS\chimes.INI

[2008/03/09 10:46:24 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008/03/06 17:38:53 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll

[2008/03/05 12:06:10 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/03/05 12:05:59 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/02/01 09:55:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\System32\OSENXPSUITE2005.INI

[2007/11/07 06:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/09/06 20:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys

[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007/04/05 05:42:00 | 000,361,472 | ---- | C] () -- C:\WINDOWS\System32\MouseHook.dll

[2006/11/18 17:27:16 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll

[2006/06/29 17:19:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\id3vx_ocx.dll

[2006/02/23 17:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll

[2006/02/23 16:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll

[2006/02/23 16:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll

[2006/02/23 16:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll

[2006/02/23 16:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll

[2006/02/23 16:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll

[2006/02/23 16:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll

[2006/02/23 16:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll

[2006/02/23 16:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll

[2006/02/23 16:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2006/02/23 16:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll

[2006/02/23 16:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll

[2006/02/13 14:08:56 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

[2005/03/22 08:45:38 | 000,359,936 | ---- | C] () -- C:\WINDOWS\System32\gvraw32.dll

[2005/02/18 14:05:36 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dfxg15.dll

[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll

[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll

[2004/01/22 19:06:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll

[2003/11/16 19:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2003/11/16 02:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\renMM.dll

[2003/04/25 08:59:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\id3lib.dll

[2002/10/07 08:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\therename.dll

[2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\renogg.dll

[2002/03/17 10:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000022.DLL

[1997/01/25 01:52:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\RipTiger.bat:SummaryInformation

@Alternate Data Stream - 8 bytes -> C:\WINDOWS:

@Alternate Data Stream - 247 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >


Third Post

EXTRAS Log

OTL Extras logfile created on: 29/05/2010 11:14:47 AM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Downloads\M'Bytes files

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 156.24 Gb Total Space | 119.07 Gb Free Space | 76.21% Space Free | Partition Type: NTFS

Drive D: | 309.52 Gb Total Space | 269.38 Gb Free Space | 87.03% Space Free | Partition Type: NTFS

Drive E: | 232.88 Gb Total Space | 151.37 Gb Free Space | 65.00% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 149.05 Gb Total Space | 61.97 Gb Free Space | 41.58% Space Free | Partition Type: NTFS

Drive H: | 465.76 Gb Total Space | 176.83 Gb Free Space | 37.97% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Computer Name: POSSUM

Current User Name: Stephen D Beakey

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.inf [@ = inffile] -- D:\Stardock\Object Edit\oe.exe (Stardock, Inc.)

[HKEY_USERS\S-1-5-21-789336058-1343024091-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Browsers\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

inffile [open] -- "D:\Stardock\Object Edit\oe.exe" "%1" (Stardock, Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse in Ember] -- D:\Firehand\Ember\Ember.exe %1 (Firehand Technologies Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [open] -- C:\Windows\explorer.exe /n,/e, %1 (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"135:TCP" = 135:TCP:*:Enabled:DCOM(135)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"D:\Tidy Favorites\TidyFavorites.exe" = D:\Tidy Favorites\TidyFavorites.exe:*:Enabled:TidyFavorites -- (OrdinarySoft)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\CyberLink\PowerDirector\PDR.exe" = D:\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)

"D:\FrostWire\FrostWire.exe" = D:\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)

"D:\LimeWire\LimeWire.exe" = D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\ImSc.exe" = C:\Program Files\IncrediMail\bin\ImSc.exe:*:Enabled:IncrediMail -- ()

"D:\AVG\AVGLS\avgupd.exe" = D:\AVG\AVGLS\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"D:\AVG\AVGLS\avgnsx.exe" = D:\AVG\AVGLS\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\360desktop\360desktop.exe" = C:\Program Files\360desktop\360desktop.exe:*:Disabled:360desktop -- (360desktop Pty. Ltd.)

"C:\Program Files\360desktop\360manager.exe" = C:\Program Files\360desktop\360manager.exe:*:Disabled:360desktop manager -- (360desktop Pty. Ltd.)

"D:\ICQ6.5\ICQ.exe" = D:\ICQ6.5\ICQ.exe:*:Disabled:ICQ6 -- (ICQ, LLC.)

"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Disabled:Magentic -- (IncrediMail, Ltd.)

"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Disabled:Magentic -- ()

"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Disabled:Magentic -- ()

"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)

"D:\Browsers\Opera\opera.exe" = D:\Browsers\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"D:\Browsers\Mozilla Firefox\firefox.exe" = D:\Browsers\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe -- (Mozilla Corporation)

"G:\Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = G:\Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)

"G:\Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = G:\Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)

"C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Disabled:TerraTec Home Cinema Classic -- (TerraTec Electronic GmbH)

"C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Disabled:TerraTec Home Cinema Classic (Auto Update) -- (TerraTec Electronic GmbH)

"C:\Program Files\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Disabled:TerraTec Home Cinema Classic (Setup) -- (TerraTec Electronic GmbH)

"C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Disabled:TerraTec Home Cinema Classic (tvtv Setup) -- (TerraTec Electronic GmbH)

"D:\Tidy Favorites\TidyFavorites.exe" = D:\Tidy Favorites\TidyFavorites.exe:*:Disabled:TidyFavorites -- (OrdinarySoft)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

""2Flyer Screensaver Builder Pro"_is1" = 2FlyerPro

""2Flyer Screensaver Builder"_is1" = 2FlyerSaver

""Tank At The Gates!"_is1" = "Tank At The Gates!" 0.0.1.8

"{010EF03D-F83D-4A76-BF39-8306660CC650}" = Dream Manager

"{01287DE9-6EEB-488D-99C7-FE3C707A87AC}" = BIAS SoundSoap SE 2.2

"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft


Hi Dave,

Thanks for the logs :D

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira or PCTools.

UNINSTALL PROGRAMS

--------------------------------

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.

  • Download Accelerator Plus (DAP)

If you are unsure of how to use Add or Remove Programs, then please see this tutorial:

How To Remove An Installed Program From Your Computer

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Elise,

THANK YOU. Yes, I know it is shouting. Firstly, the issue of 'two' Anti-Virus programmes running at the same time. You can carve this in stone - there is only one such programme executing at any time on this system. I use Malwarebytes' Anti-Virus on a bi-weekly basis, and when executed all Avira's executables, Services, and processes are disabled or quarantined so they do not interfere with the Malwarebytes' scan. The same applies when Avira is in use. I removed PC Tools Anti-Virus and Threatfire about 3 years ago, and for several months after that I kept finding files and Registry scraps. The indication that PC Tools programmes were executing on this system is a false positive. I will be removing that fragment. I uninstalled DAP and rebooted with Anti-Virus and Spyware programmes disabled, then ran Combofix.exe. The results are hereunder:

COMBOFIX Log

ComboFix 10-05-29.03 - Stephen D Beakey 30/05/2010 7:51.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3583.2581 [GMT 10:00]

Running from: c:\downloads\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Privatefirewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\FolderMarker.ico

c:\documents and settings\Stephen D Beakey\Application Data\Desktopicon

c:\documents and settings\Stephen D Beakey\Application Data\Desktopicon\Desktop.ini

c:\documents and settings\Stephen D Beakey\Application Data\Desktopicon\eBay.ico

c:\documents and settings\Stephen D Beakey\Application Data\Desktopicon\FolderMarker.ico

c:\documents and settings\Stephen D Beakey\Application Data\Desktopicon\uninst.exe

c:\windows\desktop

c:\windows\desktop\desktop.ini

c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\FolderMarker.ico

c:\windows\system32\SHELLLNK.TLB

c:\windows\Tasks\FolderMarker.ico

.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))

.

2010-05-27 01:23 . 2010-05-27 01:23 -------- d-----w- c:\program files\ESET

2010-05-23 14:54 . 2010-05-23 14:54 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E339AE8E2A3026E4F92518C227EBA2B6.dll

2010-05-23 13:31 . 2010-05-23 13:31 -------- d-----w- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\Privatefirewall

2010-05-23 13:25 . 2010-05-23 13:25 -------- d-----w- c:\program files\Privacyware

2010-05-23 13:25 . 2010-05-23 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware

2010-05-23 08:59 . 2010-05-23 08:59 -------- d-----w- c:\program files\Sunbelt Software

2010-05-23 07:48 . 2005-07-13 06:53 9322496 ----a-w- c:\windows\system32\3D Waterfall Screensaver.scr

2010-05-14 03:48 . 1999-07-12 02:45 0 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\InstallShield\ISEngine12.0\objectps.dll

2010-05-14 02:58 . 2010-05-14 03:58 -------- d-----w- c:\program files\SkypeMate

2010-05-14 02:56 . 2006-05-17 03:14 20480 ----a-w- c:\windows\CameraFixer.exe

2010-05-14 02:56 . 2005-12-23 07:17 53248 ----a-w- c:\windows\vsnpstd3.dll

2010-05-14 02:56 . 2004-12-08 08:40 20480 ----a-w- c:\windows\usnpstd3.exe

2010-05-12 05:10 . 2010-05-12 05:10 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_74D47712414F0654E9580FF4836AACA6.dll

2010-05-12 05:10 . 2010-05-12 05:10 4912 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DE532CED4A8571542A874CE1D8EABAB3.dll

2010-05-12 05:10 . 2010-05-12 05:10 3952 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E603EB826AD5C9F4DB0BBD3A8C6CFFDF.dll

2010-05-12 05:10 . 2010-05-12 05:10 287 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E12BB76A914DBB54BA68D7781DB4CB2E.dll

2010-05-12 05:10 . 2010-05-12 05:10 272 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_AAAC58F1687BB5E4AADD36886599E23F.dll

2010-05-12 05:10 . 2010-05-12 05:10 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120602FF.dll

2010-05-12 05:10 . 2010-05-12 05:10 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-05-12 05:10 . 2010-05-12 05:10 546 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3F552355DF871F046A8F8628412056EF.dll

2010-05-12 05:10 . 2010-05-12 05:10 409 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2CBA75073FFE34E48960B8BCE6AEF96E.dll

2010-05-12 05:10 . 2010-05-12 05:10 131 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E9201899CF73FC4BA93F631631229A1.dll

2010-05-12 05:10 . 2010-05-12 05:10 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_38A474C5F54AC074A98CB21D2C15FBA9.dll

2010-05-08 01:05 . 2010-05-08 04:21 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

2010-05-02 01:43 . 2004-12-07 00:11 258352 ----a-w- c:\windows\system32\unicows.dll

2010-05-01 08:20 . 2010-05-01 08:20 711168 ----a-w- c:\windows\is-S7V82.exe

2010-05-01 07:54 . 2010-05-01 07:54 711168 ----a-w- c:\windows\is-105LB.exe

2010-05-01 06:34 . 2009-11-11 07:23 27744 ----a-w- c:\windows\system32\drivers\point32.sys

2010-05-01 06:29 . 2010-01-12 03:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2010-05-01 05:37 . 2010-05-01 05:37 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\DeviceDoctorSoftware

2010-05-01 05:37 . 2010-05-01 05:37 -------- d-----w- c:\program files\Device Doctor

2010-05-01 03:14 . 2010-05-01 03:14 503808 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\msvcp71.dll

2010-05-01 03:14 . 2010-05-01 03:14 499712 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\jmc.dll

2010-05-01 03:14 . 2010-05-01 03:14 348160 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\msvcr71.dll

2010-05-01 03:14 . 2010-05-01 03:14 61440 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34e6bd49-n\decora-sse.dll

2010-05-01 03:14 . 2010-05-01 03:14 12800 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34e6bd49-n\decora-d3d.dll

2010-05-01 03:14 . 2010-05-01 03:14 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-01 00:31 . 2010-05-01 00:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-04-30 05:54 . 2010-04-30 05:54 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe

2010-04-30 04:20 . 2010-04-30 04:20 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-04-30 04:20 . 2010-04-30 04:18 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-04-30 04:20 . 2010-04-27 22:51 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-04-30 04:20 . 2010-04-30 04:20 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-04-30 04:18 . 2010-04-30 04:18 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-04-30 04:18 . 2010-04-30 04:18 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-04-30 04:12 . 2010-04-30 04:12 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-29 21:33 . 2008-09-07 04:52 -------- d-----r- c:\documents and settings\All Users\Application Data\SpeedBit

2010-05-29 21:14 . 2010-01-16 02:39 162432 ----a-w- c:\windows\system32\drivers\vidstub.sys

2010-05-29 21:10 . 2008-03-05 23:41 -------- d-s---w- c:\documents and settings\All Users\Application Data\Google Updater

2010-05-29 01:31 . 2008-04-14 12:00 2787328 ----a-w- c:\windows\system32\logonuiX.exe

2010-05-28 02:10 . 2008-03-10 12:10 -------- d-s---w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-05-27 02:05 . 2008-07-06 13:30 -------- d-s---w- c:\program files\Unlocker

2010-05-27 00:40 . 2010-02-26 02:31 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Toolbar4

2010-05-25 23:33 . 2010-02-01 07:09 -------- d-----r- c:\program files\SUPERAntiSpyware

2010-05-24 01:40 . 2010-04-06 03:01 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe

2010-05-24 01:40 . 2008-03-05 03:38 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-23 14:01 . 2008-03-11 00:24 12 ----a-w- c:\windows\zPCAtomicServ.bin

2010-05-14 03:57 . 2009-06-25 06:53 -------- d-----r- c:\program files\Common Files\snpstd3

2010-05-08 04:22 . 2008-03-05 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-08 04:06 . 2008-03-05 07:10 335592 ----a-w- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-08 01:05 . 2009-12-23 02:48 -------- d---a-r- c:\documents and settings\All Users\Application Data\TEMP

2010-05-02 01:46 . 2010-01-21 08:47 -------- d-----r- c:\program files\WinUtilities

2010-05-01 08:22 . 2010-02-15 01:30 -------- d-----r- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 07:02 . 2008-04-18 11:14 -------- d-s---w- c:\program files\Realtek

2010-05-01 06:34 . 2010-05-01 06:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-05-01 06:34 . 2008-03-05 03:25 -------- d-s---w- c:\program files\Microsoft IntelliPoint

2010-05-01 03:14 . 2010-01-05 01:12 -------- d-----r- c:\program files\Java

2010-05-01 02:39 . 2010-03-18 07:14 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Skype

2010-05-01 01:20 . 2010-03-07 01:21 -------- d-----r- c:\program files\Skype

2010-05-01 01:20 . 2010-03-07 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-05-01 00:41 . 2008-04-05 05:23 -------- d-s---w- c:\program files\QuickTime

2010-04-30 05:57 . 2008-03-12 21:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\CyberLink

2010-04-30 05:57 . 2008-03-12 07:12 -------- d-s---w- c:\documents and settings\Stephen D Beakey\Application Data\CyberLink

2010-04-30 05:56 . 2009-11-11 06:21 -------- d-----r- c:\program files\Common Files\CyberLink

2010-04-30 04:21 . 2010-03-24 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-04-30 04:20 . 2009-08-06 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-30 04:20 . 2010-03-24 06:15 -------- d-----w- c:\program files\DivX

2010-04-30 04:12 . 2008-03-23 03:55 -------- d-s---w- c:\program files\dvd43

2010-04-29 08:01 . 2009-07-25 08:17 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\Leawo

2010-04-29 07:52 . 2008-03-13 06:02 -------- d-s---w- c:\program files\ffdshow

2010-04-29 05:39 . 2009-07-06 19:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 05:39 . 2009-07-06 19:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 03:18 . 2009-07-10 01:15 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\ThumbsPlus

2010-04-20 00:15 . 2010-01-03 22:35 -------- d-----r- c:\documents and settings\All Users\Application Data\ThumbsPlus

2010-04-19 05:23 . 2010-04-19 05:23 117584 ----a-w- c:\windows\system32\drivers\pwipf6.sys

2010-04-16 08:13 . 2010-04-16 08:13 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Audio Extractor

2010-04-16 08:13 . 2009-11-20 00:31 1118 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Gold Audio Suite\ae\erdmpg4.sys

2010-04-16 08:12 . 2009-08-21 23:23 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\Gold Audio Suite

2010-04-16 03:25 . 2010-02-01 07:13 117760 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-16 02:56 . 2009-12-26 08:08 -------- d-----r- c:\documents and settings\All Users\Application Data\Sandlot Games

2010-04-16 01:46 . 2010-04-16 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest Software

2010-04-15 23:29 . 2009-10-25 20:59 -------- d-----r- c:\program files\Defraggler

2010-04-08 03:01 . 2010-04-08 01:54 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Magic3

2010-04-04 01:08 . 2010-04-04 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Bob Came In Pieces

2010-04-03 12:55 . 2010-01-12 02:03 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-04-03 12:55 . 2010-01-12 02:03 11647592 ----a-w- c:\windows\system32\nvcompiler.dll

2010-04-03 12:55 . 2009-12-23 01:23 6432128 ----a-w- c:\windows\system32\nv4_disp.dll

2010-04-03 12:55 . 2009-12-23 01:23 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-04-03 12:55 . 2009-09-27 23:12 4075520 ----a-w- c:\windows\system32\nvcuda.dll

2010-04-03 12:55 . 2009-09-27 23:12 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-04-03 12:55 . 2009-09-27 23:12 227944 ----a-w- c:\windows\system32\nvcodins.dll

2010-04-03 12:55 . 2009-09-27 23:12 227944 ----a-w- c:\windows\system32\nvcod.dll

2010-04-03 12:55 . 2009-09-27 23:12 2183470 ----a-w- c:\windows\system32\nvdata.bin

2010-04-03 12:55 . 2009-09-27 23:12 2030184 ----a-w- c:\windows\system32\nvcuvid.dll

2010-04-03 12:55 . 2009-09-27 23:12 14757888 ----a-w- c:\windows\system32\nvoglnt.dll

2010-04-03 12:55 . 2009-09-27 23:12 1097728 ----a-w- c:\windows\system32\nvapi.dll

2010-04-03 09:23 . 2010-04-03 09:23 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-04-03 09:23 . 2010-04-03 09:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-04-03 09:23 . 2010-04-03 09:23 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-04-03 09:23 . 2010-04-03 09:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 09:23 . 2010-04-03 09:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-04-03 09:22 . 2010-04-03 09:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-03-31 08:15 . 2008-03-16 12:09 -------- d-s---w- c:\documents and settings\Stephen D Beakey\Application Data\Stardock

2010-03-31 01:58 . 2010-04-30 04:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-03-31 01:58 . 2010-04-30 04:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-03-31 01:58 . 2010-04-30 04:19 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2010-03-31 01:58 . 2010-04-30 04:19 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2010-04-30 04:19 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2010-04-30 04:19 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-29 01:12 . 2010-02-26 00:55 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-03-29 01:12 . 2010-02-01 06:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-22 06:30 . 2009-12-23 01:54 222672 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-03-19 22:23 . 2010-03-27 11:57 426358 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll

2010-03-19 22:23 . 2010-03-27 11:57 373108 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2010-03-17 14:05 . 2010-03-27 11:57 254323 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll

2010-03-17 14:05 . 2010-03-27 11:57 1024378 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll

2010-03-17 14:05 . 2010-03-27 11:57 541043 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll

2010-03-17 14:04 . 2010-03-27 11:57 201083 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll

2010-03-17 14:04 . 2010-03-27 11:57 2470262 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll

2010-03-17 14:04 . 2010-03-27 11:57 237941 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll

2010-03-17 14:04 . 2010-03-27 11:57 188789 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll

2010-03-10 06:15 . 2008-04-14 12:00 420352 ------w- c:\windows\system32\vbscript.dll

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-08 08:17 . 2009-11-28 03:27 365 ----a-w- C:\shutdown.bat

2010-03-05 05:40 . 2010-03-05 05:40 26582 ----a-r- c:\documents and settings\Stephen D Beakey\Application Data\Microsoft\Installer\{21774D47-F414-4560-9E85-F04F38A6CA6A}\_18be6784.exe

2008-07-08 11:35 . 2008-01-08 07:28 351232 ----a-w- c:\program files\state.spp

2006-11-18 07:27 . 2006-11-18 07:27 8 --sha-r- c:\windows\neoqaz2.dll

.

------- Sigcheck -------

[-] 2010-02-01 05:10 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe

[-] 2010-02-01 05:10 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\dllcache\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\avg\AVGLS\Toolbar\IEToolbar.dll" [2009-06-25 1032192]

"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13e0b548-6fc9-47e9-9874-470915f46548}]

2010-05-29 21:40 2515552 ----a-w- c:\program files\Cdcovers\tbCdc1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-25 15:31 1032192 ----a-w- d:\avg\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\avg\AVGLS\Toolbar\IEToolbar.dll" [2009-06-25 1032192]

"{13e0b548-6fc9-47e9-9874-470915f46548}"= "c:\program files\Cdcovers\tbCdc1.dll" [2010-05-29 2515552]

"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{13e0b548-6fc9-47e9-9874-470915f46548}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{13E0B548-6FC9-47E9-9874-470915F46548}"= "c:\program files\Cdcovers\tbCdc1.dll" [2010-05-29 2515552]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\avg\AVGLS\Toolbar\IEToolbar.dll" [2009-06-25 1032192]

"{AD55C869-668E-457C-B270-0CFB2F61116F}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{13e0b548-6fc9-47e9-9874-470915f46548}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartupDelayer"="d:\startup delayer\Startup Launcher.exe" [2009-03-08 73728]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\pfgui.exe" [2010-05-13 2445840]

"BootSkin Startup Jobs"="d:\stardock\Wincustomize\Bootskin\bootskin.exe" [2004-04-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"ForceCopyAclwithFile"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "d:\stardock\ObjectDock\ODMenu.dll" [2010-03-24 511344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "d:\dvd programmes\DVD Ghost\ExecuteHooker.dll" [2004-07-27 90112]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\dvdpro~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 04:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2010-02-03 06:11 172336 ----a-w- d:\stardock\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bootvis.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FolderMarker.ico]

backup=c:\windows\pss\FolderMarker.icoCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Animated Wallpaper Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^FolderMarker.ico]

backup=c:\windows\pss\FolderMarker.icoStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Hawkscope.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Impulse Now.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^ImpulseNow.lnk]

path=

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Scheduler.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Icon Remover

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\'Ashampoo AntiSpyWare 2 Guard']

2009-07-15 00:44 2376536 ----a-w- d:\ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2010-04-01 23:11 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]

2010-02-20 08:29 84464 ----a-w- d:\roxio\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2010-02-01 05:10 24064 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]

2009-12-16 00:21 927072 ----a-w- d:\ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskMateAutoUpdate]

2009-04-21 05:44 25896 ----a-w- c:\progra~1\DeskMates\DeskMateAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]

2010-02-20 08:31 494064 ----a-w- d:\roxio\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]

2009-12-22 11:16 454656 ----a-w- d:\desktop icon toy\DesktopIconToy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2007-02-25 15:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

2007-07-11 06:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-05 13:40 133104 ----atw- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2009-05-08 07:14 1116696 ----a-w- d:\nero 9\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]

2009-01-12 11:01 681256 ----a-w- d:\cyberl~1\INSTAN~1\Win2K\IBurn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]

2009-05-08 07:14 1593880 ----a-w- d:\nero 9\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-03-31 13:30 1657448 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 11:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2010-02-21 09:53 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stardock Central]

2006-10-03 04:20 395000 ----a-w- d:\stardock\Component Tray\sdctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager]

2009-02-17 07:56 918760 ----a-w- d:\advanced system optimizer\startUp manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-03-05 23:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

2005-12-20 04:39 94208 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-12-18 00:30 39424 ----a-w- d:\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XArp]

2008-03-24 16:01 1333760 ----a-w- c:\program files\XArp\XArpGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"Bonjour Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"VideoAcceleratorService"=2 (0x2)

"RichVideo"=2 (0x2)

"iPod Service"=3 (0x3)

"Z-Cron"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"0121221240290827mcinstcleanup"=2 (0x2)

"LiveUpdate Notice"=2 (0x2)

"LiveUpdate"=3 (0x3)

"avg8emc"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"aawservice"=2 (0x2)

"WSearch"=2 (0x2)

"NMIndexingService"=3 (0x3)

"CiSvc"=2 (0x2)

"NBService"=3 (0x3)

"TermService"=3 (0x3)

"RDSessMgr"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LogMeIn"=2 (0x2)

"LMIMaint"=2 (0x2)

"ICQ Service"=2 (0x2)

"gusvc"=2 (0x2)

"gupdate1c9d099f296cc74"=2 (0x2)

"AcrSch2Svc"=2 (0x2)

"avg8wd"=2 (0x2)

"Process Blocker"=2 (0x2)

"ThreatFire"=2 (0x2)

"9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269"=3 (0x3)

"NeroRegInCDSrv"=3 (0x3)

"TGService"=3 (0x3)

"STSService"=3 (0x3)

"RGService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Desktop3D"=d:\desktop3d\Desktop3D_DX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\CyberLink\\PowerDirector\\PDR.exe"=

"d:\\FrostWire\\FrostWire.exe"=

"d:\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=

"d:\\AVG\\AVGLS\\avgupd.exe"=

"d:\\AVG\\AVGLS\\avgnsx.exe"=

"c:\\Program Files\\360desktop\\360desktop.exe"=

"c:\\Program Files\\360desktop\\360manager.exe"=

"d:\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"d:\\Browsers\\Opera\\opera.exe"=

"d:\\Browsers\\Mozilla Firefox\\firefox.exe"=

"g:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"g:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=

"d:\\Tidy Favorites\\TidyFavorites.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [11/10/2009 1:52 AM 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [11/10/2009 1:51 AM 15856]

R1 AvgLdx86;AVG LinkScanner


There appears to be a problem with your ctfmon.exe file (it is patched). Before searching for a way to replace it, I'd like to upload a copy to see what has patched it.

UPLOAD A FILE

--------------------

We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

c:\windows\system32\ctfmon.exe

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.


Elise, Thank you again. The programme ctfmon.exe has been disabled in accordance with the Microsoft Knowledge Base. Microsoft Office had been installed but abandoned. I now use Open Office and the functions of ctfmon.exe are not required on this system. Thanking you. Dave


Hi Dave,

Nevertheless, I'd like to know what we are dealing with here. The file is there and patched. If not needed, we would just delete it, but malware likes to bring company. If we know what infection this file belongs to, we can look whether other components of that particular malware (if they exist) are also there on your computer.


Elise, Thanks for the explanation. I have deleted five instances of ctfmon.exe (including the Prefetch file) from this system. I had executed defogger.exe previously and I thought that this would prevent my DVD/CD from functioning. During the process of getting rid of this file, I found that, after a message that the system needed this file and that I was to place my Installation CD into the drive, the above file was re-established. I was then able to delete this file from the system. There are no instances of this file on this system now and, from what I can ascertain, no instances of Microsoft Office remain. Right. Next step please. Regards. Dave


Elise, G'day. Please find attached the ComboFix.txt file. Have a good one. Dave :

ComboFix 10-06-01.01 - Stephen D Beakey 02/06/2010 9:41.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3583.2857 [GMT 10:00]

Running from: c:\downloads\M'Bytes files\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Privatefirewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

.

((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))

.

2010-05-27 01:23 . 2010-05-27 01:23 -------- d-----w- c:\program files\ESET

2010-05-23 14:54 . 2010-05-23 14:54 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E339AE8E2A3026E4F92518C227EBA2B6.dll

2010-05-23 13:31 . 2010-05-23 13:31 -------- d-----w- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\Privatefirewall

2010-05-23 13:25 . 2010-05-23 13:25 -------- d-----w- c:\program files\Privacyware

2010-05-23 13:25 . 2010-05-23 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware

2010-05-23 08:59 . 2010-05-23 08:59 -------- d-----w- c:\program files\Sunbelt Software

2010-05-23 07:48 . 2005-07-13 06:53 9322496 ----a-w- c:\windows\system32\3D Waterfall Screensaver.scr

2010-05-14 03:48 . 1999-07-12 02:45 0 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\InstallShield\ISEngine12.0\objectps.dll

2010-05-14 02:58 . 2010-05-14 03:58 -------- d-----w- c:\program files\SkypeMate

2010-05-14 02:56 . 2006-05-17 03:14 20480 ----a-w- c:\windows\CameraFixer.exe

2010-05-14 02:56 . 2005-12-23 07:17 53248 ----a-w- c:\windows\vsnpstd3.dll

2010-05-14 02:56 . 2004-12-08 08:40 20480 ----a-w- c:\windows\usnpstd3.exe

2010-05-12 05:10 . 2010-05-12 05:10 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_74D47712414F0654E9580FF4836AACA6.dll

2010-05-12 05:10 . 2010-05-12 05:10 4912 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DE532CED4A8571542A874CE1D8EABAB3.dll

2010-05-12 05:10 . 2010-05-12 05:10 3952 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E603EB826AD5C9F4DB0BBD3A8C6CFFDF.dll

2010-05-12 05:10 . 2010-05-12 05:10 287 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E12BB76A914DBB54BA68D7781DB4CB2E.dll

2010-05-12 05:10 . 2010-05-12 05:10 272 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_AAAC58F1687BB5E4AADD36886599E23F.dll

2010-05-12 05:10 . 2010-05-12 05:10 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120602FF.dll

2010-05-12 05:10 . 2010-05-12 05:10 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-05-12 05:10 . 2010-05-12 05:10 546 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3F552355DF871F046A8F8628412056EF.dll

2010-05-12 05:10 . 2010-05-12 05:10 409 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2CBA75073FFE34E48960B8BCE6AEF96E.dll

2010-05-12 05:10 . 2010-05-12 05:10 131 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E9201899CF73FC4BA93F631631229A1.dll

2010-05-12 05:10 . 2010-05-12 05:10 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_38A474C5F54AC074A98CB21D2C15FBA9.dll

2010-05-08 01:05 . 2010-05-08 04:21 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-01 23:13 . 2010-01-16 02:39 162432 ----a-w- c:\windows\system32\drivers\vidstub.sys

2010-06-01 23:03 . 2008-04-14 12:00 2869248 ----a-w- c:\windows\system32\logonuiX.exe

2010-05-31 23:59 . 2008-03-05 23:41 -------- d-s---w- c:\documents and settings\All Users\Application Data\Google Updater

2010-05-31 04:17 . 2010-02-27 03:30 -------- d-----w- c:\program files\Real Alternative

2010-05-29 21:33 . 2008-09-07 04:52 -------- d-----r- c:\documents and settings\All Users\Application Data\SpeedBit

2010-05-28 02:10 . 2008-03-10 12:10 -------- d-s---w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-05-27 02:05 . 2008-07-06 13:30 -------- d-s---w- c:\program files\Unlocker

2010-05-27 00:40 . 2010-02-26 02:31 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Toolbar4

2010-05-25 23:33 . 2010-02-01 07:09 -------- d-----r- c:\program files\SUPERAntiSpyware

2010-05-24 01:40 . 2010-04-06 03:01 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe

2010-05-24 01:40 . 2008-03-05 03:38 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-23 14:01 . 2008-03-11 00:24 12 ----a-w- c:\windows\zPCAtomicServ.bin

2010-05-14 03:57 . 2009-06-25 06:53 -------- d-----r- c:\program files\Common Files\snpstd3

2010-05-08 04:22 . 2008-03-05 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-08 04:06 . 2008-03-05 07:10 335592 ----a-w- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-08 01:05 . 2009-12-23 02:48 -------- d---a-r- c:\documents and settings\All Users\Application Data\TEMP

2010-05-02 01:46 . 2010-01-21 08:47 -------- d-----r- c:\program files\WinUtilities

2010-05-01 08:22 . 2010-02-15 01:30 -------- d-----r- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 08:20 . 2010-05-01 08:20 711168 ----a-w- c:\windows\is-S7V82.exe

2010-05-01 07:54 . 2010-05-01 07:54 711168 ----a-w- c:\windows\is-105LB.exe

2010-05-01 07:02 . 2008-04-18 11:14 -------- d-s---w- c:\program files\Realtek

2010-05-01 06:34 . 2010-05-01 06:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-05-01 06:34 . 2008-03-05 03:25 -------- d-s---w- c:\program files\Microsoft IntelliPoint

2010-05-01 05:37 . 2010-05-01 05:37 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\DeviceDoctorSoftware

2010-05-01 05:37 . 2010-05-01 05:37 -------- d-----w- c:\program files\Device Doctor

2010-05-01 03:14 . 2010-05-01 03:14 503808 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\msvcp71.dll

2010-05-01 03:14 . 2010-05-01 03:14 499712 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\jmc.dll

2010-05-01 03:14 . 2010-05-01 03:14 348160 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\msvcr71.dll

2010-05-01 03:14 . 2010-05-01 03:14 61440 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34e6bd49-n\decora-sse.dll

2010-05-01 03:14 . 2010-05-01 03:14 12800 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34e6bd49-n\decora-d3d.dll

2010-05-01 03:14 . 2010-05-01 03:14 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-01 03:14 . 2010-01-05 01:12 -------- d-----r- c:\program files\Java

2010-05-01 02:39 . 2010-03-18 07:14 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Skype

2010-05-01 01:20 . 2010-03-07 01:21 -------- d-----r- c:\program files\Skype

2010-05-01 01:20 . 2010-03-07 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-05-01 00:41 . 2008-04-05 05:23 -------- d-s---w- c:\program files\QuickTime

2010-05-01 00:31 . 2010-05-01 00:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-04-30 05:57 . 2008-03-12 21:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\CyberLink

2010-04-30 05:57 . 2008-03-12 07:12 -------- d-s---w- c:\documents and settings\Stephen D Beakey\Application Data\CyberLink

2010-04-30 05:56 . 2009-11-11 06:21 -------- d-----r- c:\program files\Common Files\CyberLink

2010-04-30 05:54 . 2010-04-30 05:54 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe

2010-04-30 04:21 . 2010-03-24 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-04-30 04:20 . 2010-04-30 04:20 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-04-30 04:20 . 2009-08-06 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-30 04:20 . 2010-04-30 04:20 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-04-30 04:20 . 2010-03-24 06:15 -------- d-----w- c:\program files\DivX

2010-04-30 04:20 . 2010-04-30 04:20 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-04-30 04:18 . 2010-04-30 04:18 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-04-30 04:18 . 2010-04-30 04:20 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-04-30 04:18 . 2010-04-30 04:18 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-04-30 04:12 . 2010-04-30 04:12 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2010-04-30 04:12 . 2008-03-23 03:55 -------- d-s---w- c:\program files\dvd43

2010-04-29 08:01 . 2009-07-25 08:17 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\Leawo

2010-04-29 07:52 . 2008-03-13 06:02 -------- d-s---w- c:\program files\ffdshow

2010-04-29 05:39 . 2009-07-06 19:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 05:39 . 2009-07-06 19:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 22:51 . 2010-04-30 04:20 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-04-20 03:18 . 2009-07-10 01:15 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\ThumbsPlus

2010-04-20 00:15 . 2010-01-03 22:35 -------- d-----r- c:\documents and settings\All Users\Application Data\ThumbsPlus

2010-04-19 05:23 . 2010-04-19 05:23 117584 ----a-w- c:\windows\system32\drivers\pwipf6.sys

2010-04-16 08:13 . 2010-04-16 08:13 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Audio Extractor

2010-04-16 08:13 . 2009-11-20 00:31 1118 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Gold Audio Suite\ae\erdmpg4.sys

2010-04-16 08:12 . 2009-08-21 23:23 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\Gold Audio Suite

2010-04-16 03:25 . 2010-02-01 07:13 117760 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-16 02:56 . 2009-12-26 08:08 -------- d-----r- c:\documents and settings\All Users\Application Data\Sandlot Games

2010-04-16 01:46 . 2010-04-16 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest Software

2010-04-15 23:29 . 2009-10-25 20:59 -------- d-----r- c:\program files\Defraggler

2010-04-08 03:01 . 2010-04-08 01:54 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Magic3

2010-04-04 01:08 . 2010-04-04 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Bob Came In Pieces

2010-04-03 12:55 . 2010-01-12 02:03 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-04-03 12:55 . 2010-01-12 02:03 11647592 ----a-w- c:\windows\system32\nvcompiler.dll

2010-04-03 12:55 . 2009-12-23 01:23 6432128 ----a-w- c:\windows\system32\nv4_disp.dll

2010-04-03 12:55 . 2009-12-23 01:23 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-04-03 12:55 . 2009-09-27 23:12 4075520 ----a-w- c:\windows\system32\nvcuda.dll

2010-04-03 12:55 . 2009-09-27 23:12 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-04-03 12:55 . 2009-09-27 23:12 227944 ----a-w- c:\windows\system32\nvcodins.dll

2010-04-03 12:55 . 2009-09-27 23:12 227944 ----a-w- c:\windows\system32\nvcod.dll

2010-04-03 12:55 . 2009-09-27 23:12 2183470 ----a-w- c:\windows\system32\nvdata.bin

2010-04-03 12:55 . 2009-09-27 23:12 2030184 ----a-w- c:\windows\system32\nvcuvid.dll

2010-04-03 12:55 . 2009-09-27 23:12 14757888 ----a-w- c:\windows\system32\nvoglnt.dll

2010-04-03 12:55 . 2009-09-27 23:12 1097728 ----a-w- c:\windows\system32\nvapi.dll

2010-04-03 09:23 . 2010-04-03 09:23 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-04-03 09:23 . 2010-04-03 09:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-04-03 09:23 . 2010-04-03 09:23 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-04-03 09:23 . 2010-04-03 09:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 09:23 . 2010-04-03 09:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-04-03 09:22 . 2010-04-03 09:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-03-31 01:58 . 2010-04-30 04:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-03-31 01:58 . 2010-04-30 04:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-03-31 01:58 . 2010-04-30 04:19 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2010-03-31 01:58 . 2010-04-30 04:19 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2010-04-30 04:19 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2010-04-30 04:19 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-29 01:12 . 2010-02-26 00:55 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-03-29 01:12 . 2010-02-01 06:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-22 06:30 . 2009-12-23 01:54 222672 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-03-19 22:23 . 2010-03-27 11:57 426358 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll

2010-03-19 22:23 . 2010-03-27 11:57 373108 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2006-11-18 07:27 . 2006-11-18 07:27 8 --sha-r- c:\windows\neoqaz2.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-05-29_21.54.32 )))))))))))))))))))))))))))))))))))))))))

.

- 2010-05-12 05:09 . 2010-05-29 21:09 32768 c:\windows\TEMP\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-12 05:09 . 2010-06-01 23:14 32768 c:\windows\TEMP\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-01 23:09 . 2010-06-01 23:09 16384 c:\windows\TEMP\Perflib_Perfdata_520.dat

+ 2010-06-01 23:09 . 2010-06-01 23:09 16384 c:\windows\TEMP\Perflib_Perfdata_3f4.dat

+ 2010-05-12 05:09 . 2010-06-01 23:14 16384 c:\windows\TEMP\History\History.IE5\index.dat

- 2010-05-12 05:09 . 2010-05-29 21:09 16384 c:\windows\TEMP\History\History.IE5\index.dat

- 2010-05-12 05:09 . 2010-05-29 21:09 16384 c:\windows\TEMP\Cookies\index.dat

+ 2010-05-12 05:09 . 2010-06-01 23:14 16384 c:\windows\TEMP\Cookies\index.dat

+ 2009-09-02 04:18 . 2010-04-16 11:43 41984 c:\windows\system32\dllcache\iecompat.dll

+ 2010-06-01 01:52 . 2010-02-16 04:50 64000 c:\windows\ie8updates\KB982632-IE8\iecompat.dll

- 2009-06-24 04:34 . 2010-05-29 21:12 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2009-06-24 04:34 . 2010-06-01 23:09 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2010-06-01 01:52 . 2009-05-26 09:01 382840 c:\windows\ie8updates\KB982632-IE8\spuninst\updspapi.dll

+ 2010-06-01 01:52 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB982632-IE8\spuninst\spuninst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\avg\AVGLS\Toolbar\IEToolbar.dll" [2009-06-25 1032192]

"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13e0b548-6fc9-47e9-9874-470915f46548}]

2010-05-29 21:40 2515552 ----a-w- c:\program files\Cdcovers\tbCdc1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-25 15:31 1032192 ----a-w- d:\avg\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\avg\AVGLS\Toolbar\IEToolbar.dll" [2009-06-25 1032192]

"{13e0b548-6fc9-47e9-9874-470915f46548}"= "c:\program files\Cdcovers\tbCdc1.dll" [2010-05-29 2515552]

"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{13e0b548-6fc9-47e9-9874-470915f46548}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{13E0B548-6FC9-47E9-9874-470915F46548}"= "c:\program files\Cdcovers\tbCdc1.dll" [2010-05-29 2515552]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\avg\AVGLS\Toolbar\IEToolbar.dll" [2009-06-25 1032192]

"{AD55C869-668E-457C-B270-0CFB2F61116F}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{13e0b548-6fc9-47e9-9874-470915f46548}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartupDelayer"="d:\startup delayer\Startup Launcher.exe" [2009-03-08 73728]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\pfgui.exe" [2010-05-13 2445840]

"BootSkin Startup Jobs"="d:\stardock\Wincustomize\Bootskin\bootskin.exe" [2004-04-26 270336]

c:\documents and settings\Stephen D Beakey\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - d:\stardock\ObjectDock\ObjectDock.exe [2007-8-7 4069232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"ForceCopyAclwithFile"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "d:\stardock\ObjectDock\ODMenu.dll" [2010-03-24 511344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "d:\dvd programmes\DVD Ghost\ExecuteHooker.dll" [2004-07-27 90112]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\dvdpro~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 04:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2010-02-03 06:11 172336 ----a-w- d:\stardock\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bootvis.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FolderMarker.ico]

backup=c:\windows\pss\FolderMarker.icoCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Animated Wallpaper Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^FolderMarker.ico]

backup=c:\windows\pss\FolderMarker.icoStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Hawkscope.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Impulse Now.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^ImpulseNow.lnk]

path=

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Scheduler.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\'Ashampoo AntiSpyWare 2 Guard']

2009-07-15 00:44 2376536 ----a-w- d:\ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2010-04-01 23:11 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]

2010-02-20 08:29 84464 ----a-w- d:\roxio\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]

2009-12-16 00:21 927072 ----a-w- d:\ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskMateAutoUpdate]

2009-04-21 05:44 25896 ----a-w- c:\progra~1\DeskMates\DeskMateAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]

2010-02-20 08:31 494064 ----a-w- d:\roxio\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]

2009-12-22 11:16 454656 ----a-w- d:\desktop icon toy\DesktopIconToy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2007-02-25 15:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

2007-07-11 06:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-05 13:40 133104 ----atw- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2009-05-08 07:14 1116696 ----a-w- d:\nero 9\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]

2009-01-12 11:01 681256 ----a-w- d:\cyberl~1\INSTAN~1\Win2K\IBurn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]

2009-05-08 07:14 1593880 ----a-w- d:\nero 9\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-03-31 13:30 1657448 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 11:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2010-02-21 09:53 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stardock Central]

2006-10-03 04:20 395000 ----a-w- d:\stardock\Component Tray\sdctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager]

2009-02-17 07:56 918760 ----a-w- d:\advanced system optimizer\startUp manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-03-05 23:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

2005-12-20 04:39 94208 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-12-18 00:30 39424 ----a-w- d:\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XArp]

2008-03-24 16:01 1333760 ----a-w- c:\program files\XArp\XArpGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"RichVideo"=2 (0x2)

"Z-Cron"=2 (0x2)

"0121221240290827mcinstcleanup"=2 (0x2)

"LiveUpdate Notice"=2 (0x2)

"LiveUpdate"=3 (0x3)

"avg8emc"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"aawservice"=2 (0x2)

"WSearch"=2 (0x2)

"NMIndexingService"=3 (0x3)

"CiSvc"=2 (0x2)

"NBService"=3 (0x3)

"TermService"=3 (0x3)

"RDSessMgr"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LMIMaint"=2 (0x2)

"gusvc"=2 (0x2)

"gupdate1c9d099f296cc74"=2 (0x2)

"AcrSch2Svc"=2 (0x2)

"avg8wd"=2 (0x2)

"Process Blocker"=2 (0x2)

"9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269"=3 (0x3)

"NeroRegInCDSrv"=3 (0x3)

"TGService"=3 (0x3)

"STSService"=3 (0x3)

"RGService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Desktop3D"=d:\desktop3d\Desktop3D_DX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\CyberLink\\PowerDirector\\PDR.exe"=

"d:\\FrostWire\\FrostWire.exe"=

"d:\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=

"d:\\AVG\\AVGLS\\avgupd.exe"=

"d:\\AVG\\AVGLS\\avgnsx.exe"=

"c:\\Program Files\\360desktop\\360desktop.exe"=

"c:\\Program Files\\360desktop\\360manager.exe"=

"d:\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"d:\\Browsers\\Opera\\opera.exe"=

"d:\\Browsers\\Mozilla Firefox\\firefox.exe"=

"g:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"g:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=

"d:\\Tidy Favorites\\TidyFavorites.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [11/10/2009 1:52 AM 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [11/10/2009 1:51 AM 15856]

R1 AvgLdx86;AVG LinkScanner

I have to say you have an amazing amount of programs on your computer :)

First of all this:

I notice the presence of Wise Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners for several reasons.

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Now please, launch MBAM, update it first and run a full scan. Please post me the resulting log.

Elise, O.K. Registry Cleaners. I use the Cleaner to remove leftover crud, particularly after the uninstall of unwanted programmes. Programmes like Total Uninstall and Revo Uninstaller Pro still leave behind rubbish. My Registry is safe as I use ERUNT or ERDNT to backup my Registry at each boot, a programme which I find is 100% accurate. I never use Windows System Restore or any backup from any other programme. In the recent past I can restore a registry to any day over the past 8 days, and long term, back over 2 months on a weekly basis. I always know what to re-install as I keep a copy of any such programme and install them according to the date attribute of each file. I have seen cleaners which are most unreliable, however I am extremely judicious in what I remove from the Registry, and never accept the arbitrary entries of a Cleaner as Gospel truth. In any event I keep four weekly backups of my C and D partitions, with two backups of my E and G Partitions, so if all else fails I have them to fall back on. In the past 4 years I have only had to reinstall a backup on two occasions, and all programmes on the system execute according to my defaults. I hope this puts your mind at rest as regards this particular system.

Anyway, here is the latest Malwarebytes' Log file. Cheers. Dave

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4165

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/06/2010 8:56:31 AM

mbam-log-2010-06-03 (08-56-31).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 518995

Time elapsed: 1 hour(s), 25 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Hi Dave,

As long as you are aware of what you do with registry cleaners, it's okay, after all it's your computer :)

And ERUNT is indeed an excellent tool to backup, good choice!

However, there are a few permissions set in your registry that are not supposed to be there and that can cause you trouble in the future, so let's fix those.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

RegLock::
[HKEY_USERS\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

RegNull::
[HKEY_USERS\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8018A6CA-2BEE-2D79-56B3-96E21FAD4945}*]
[HKEY_USERS\S-1-5-21-789336058-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C94E2AA9-944F-E067-DB9D-BEDDCA7E0ADD}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A9486A5D-8E1B-6F6E-55C8-0BCF4A35823B}\InProcServer32*]

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET smart install icon on your desktop.

    3. Check Accept Terms
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Elise, G'day. Just a few things. The ESET Scan marked CrashRptHelp.dll as being 'probably' infected with the Win32/Genetik Trojan. This is a definite false positive as the file is in my Stardock/Objectdock directory and necessary for the proper execution of Stardock/Objectdock. It was restored. ComboFix has mucked up many settings including Services, with the Event Log showing several Error messages. I will have to restore them manually. The system now takes just under 10 minutes from Logon Screen to final execution of processes. Previously the system would boot somewhere between 3 and 4 minutes, however there should be little trouble in restoring some of the settings, or it could be the Services processes. Anyway this is just to let you know. Regards. Dave

ComboFix Log

ComboFix 10-06-02.03 - Stephen D Beakey 03/06/2010 18:34:59.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3583.2862 [GMT 10:00]

Running from: d:\temp\M'Bytes files\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FW: Privatefirewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

.

((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))

.

2010-05-27 01:23 . 2010-05-27 01:23 -------- d-----w- c:\program files\ESET

2010-05-23 14:54 . 2010-05-23 14:54 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E339AE8E2A3026E4F92518C227EBA2B6.dll

2010-05-23 13:31 . 2010-05-23 13:31 -------- d-----w- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\Privatefirewall

2010-05-23 13:25 . 2010-05-23 13:25 -------- d-----w- c:\program files\Privacyware

2010-05-23 13:25 . 2010-05-23 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware

2010-05-23 08:59 . 2010-05-23 08:59 -------- d-----w- c:\program files\Sunbelt Software

2010-05-23 07:48 . 2005-07-13 06:53 9322496 ----a-w- c:\windows\system32\3D Waterfall Screensaver.scr

2010-05-14 03:48 . 1999-07-12 02:45 0 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\InstallShield\ISEngine12.0\objectps.dll

2010-05-14 02:58 . 2010-05-14 03:58 -------- d-----w- c:\program files\SkypeMate

2010-05-14 02:56 . 2006-05-17 03:14 20480 ----a-w- c:\windows\CameraFixer.exe

2010-05-14 02:56 . 2005-12-23 07:17 53248 ----a-w- c:\windows\vsnpstd3.dll

2010-05-14 02:56 . 2004-12-08 08:40 20480 ----a-w- c:\windows\usnpstd3.exe

2010-05-12 05:10 . 2010-05-12 05:10 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_74D47712414F0654E9580FF4836AACA6.dll

2010-05-12 05:10 . 2010-05-12 05:10 4912 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DE532CED4A8571542A874CE1D8EABAB3.dll

2010-05-12 05:10 . 2010-05-12 05:10 3952 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E603EB826AD5C9F4DB0BBD3A8C6CFFDF.dll

2010-05-12 05:10 . 2010-05-12 05:10 287 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E12BB76A914DBB54BA68D7781DB4CB2E.dll

2010-05-12 05:10 . 2010-05-12 05:10 272 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_AAAC58F1687BB5E4AADD36886599E23F.dll

2010-05-12 05:10 . 2010-05-12 05:10 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4EA42A62D9304AC4784BF238120602FF.dll

2010-05-12 05:10 . 2010-05-12 05:10 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll

2010-05-12 05:10 . 2010-05-12 05:10 546 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3F552355DF871F046A8F8628412056EF.dll

2010-05-12 05:10 . 2010-05-12 05:10 409 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_2CBA75073FFE34E48960B8BCE6AEF96E.dll

2010-05-12 05:10 . 2010-05-12 05:10 131 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E9201899CF73FC4BA93F631631229A1.dll

2010-05-12 05:10 . 2010-05-12 05:10 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_38A474C5F54AC074A98CB21D2C15FBA9.dll

2010-05-08 01:05 . 2010-05-08 04:21 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-03 08:30 . 2008-03-10 12:10 -------- d-s---w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-06-03 08:30 . 2010-02-01 07:09 -------- d-----r- c:\program files\SUPERAntiSpyware

2010-06-03 08:14 . 2010-01-16 02:39 162432 ----a-w- c:\windows\system32\drivers\vidstub.sys

2010-06-03 08:05 . 2008-04-14 12:00 2008576 ----a-w- c:\windows\system32\logonuiX.exe

2010-06-03 06:20 . 2008-07-24 03:06 -------- d-s---w- c:\program files\Common Files\McAfee

2010-06-03 06:20 . 2008-03-06 00:47 -------- d-s---w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-03 06:15 . 2008-03-06 00:47 -------- d-s---w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2010-06-02 11:25 . 2008-03-05 23:41 -------- d-s---w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-02 07:23 . 2010-04-06 03:01 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe

2010-06-02 07:23 . 2008-03-05 03:38 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-31 04:17 . 2010-02-27 03:30 -------- d-----w- c:\program files\Real Alternative

2010-05-29 21:33 . 2008-09-07 04:52 -------- d-----r- c:\documents and settings\All Users\Application Data\SpeedBit

2010-05-27 02:05 . 2008-07-06 13:30 -------- d-s---w- c:\program files\Unlocker

2010-05-27 00:40 . 2010-02-26 02:31 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Toolbar4

2010-05-14 03:57 . 2009-06-25 06:53 -------- d-----r- c:\program files\Common Files\snpstd3

2010-05-08 04:22 . 2008-03-05 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-08 04:06 . 2008-03-05 07:10 335592 ----a-w- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-08 01:05 . 2009-12-23 02:48 -------- d---a-r- c:\documents and settings\All Users\Application Data\TEMP

2010-05-02 01:46 . 2010-01-21 08:47 -------- d-----r- c:\program files\WinUtilities

2010-05-01 08:22 . 2010-02-15 01:30 -------- d-----r- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 08:20 . 2010-05-01 08:20 711168 ----a-w- c:\windows\is-S7V82.exe

2010-05-01 07:54 . 2010-05-01 07:54 711168 ----a-w- c:\windows\is-105LB.exe

2010-05-01 07:02 . 2008-04-18 11:14 -------- d-s---w- c:\program files\Realtek

2010-05-01 06:34 . 2010-05-01 06:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-05-01 06:34 . 2008-03-05 03:25 -------- d-s---w- c:\program files\Microsoft IntelliPoint

2010-05-01 05:37 . 2010-05-01 05:37 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\DeviceDoctorSoftware

2010-05-01 05:37 . 2010-05-01 05:37 -------- d-----w- c:\program files\Device Doctor

2010-05-01 03:14 . 2010-05-01 03:14 503808 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\msvcp71.dll

2010-05-01 03:14 . 2010-05-01 03:14 499712 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\jmc.dll

2010-05-01 03:14 . 2010-05-01 03:14 348160 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38cf09b1-n\msvcr71.dll

2010-05-01 03:14 . 2010-05-01 03:14 61440 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34e6bd49-n\decora-sse.dll

2010-05-01 03:14 . 2010-05-01 03:14 12800 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-34e6bd49-n\decora-d3d.dll

2010-05-01 03:14 . 2010-05-01 03:14 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-01 03:14 . 2010-01-05 01:12 -------- d-----r- c:\program files\Java

2010-05-01 02:39 . 2010-03-18 07:14 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Skype

2010-05-01 01:20 . 2010-03-07 01:21 -------- d-----r- c:\program files\Skype

2010-05-01 01:20 . 2010-03-07 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-05-01 00:41 . 2008-04-05 05:23 -------- d-s---w- c:\program files\QuickTime

2010-05-01 00:31 . 2010-05-01 00:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-04-30 05:57 . 2008-03-12 21:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\CyberLink

2010-04-30 05:57 . 2008-03-12 07:12 -------- d-s---w- c:\documents and settings\Stephen D Beakey\Application Data\CyberLink

2010-04-30 05:56 . 2009-11-11 06:21 -------- d-----r- c:\program files\Common Files\CyberLink

2010-04-30 05:54 . 2010-04-30 05:54 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe

2010-04-30 04:21 . 2010-03-24 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-04-30 04:20 . 2010-04-30 04:20 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-04-30 04:20 . 2009-08-06 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-30 04:20 . 2010-04-30 04:20 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-04-30 04:20 . 2010-03-24 06:15 -------- d-----w- c:\program files\DivX

2010-04-30 04:20 . 2010-04-30 04:20 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-04-30 04:20 . 2010-04-30 04:20 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-04-30 04:18 . 2010-04-30 04:18 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-04-30 04:18 . 2010-04-30 04:20 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-04-30 04:18 . 2010-04-30 04:18 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-04-30 04:12 . 2010-04-30 04:12 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2010-04-30 04:12 . 2008-03-23 03:55 -------- d-s---w- c:\program files\dvd43

2010-04-29 08:01 . 2009-07-25 08:17 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\Leawo

2010-04-29 07:52 . 2008-03-13 06:02 -------- d-s---w- c:\program files\ffdshow

2010-04-29 05:39 . 2009-07-06 19:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 05:39 . 2009-07-06 19:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 22:51 . 2010-04-30 04:20 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-04-20 03:18 . 2009-07-10 01:15 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\ThumbsPlus

2010-04-20 00:15 . 2010-01-03 22:35 -------- d-----r- c:\documents and settings\All Users\Application Data\ThumbsPlus

2010-04-19 05:23 . 2010-04-19 05:23 117584 ----a-w- c:\windows\system32\drivers\pwipf6.sys

2010-04-16 08:13 . 2010-04-16 08:13 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Audio Extractor

2010-04-16 08:13 . 2009-11-20 00:31 1118 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\Gold Audio Suite\ae\erdmpg4.sys

2010-04-16 08:12 . 2009-08-21 23:23 -------- d-----r- c:\documents and settings\Stephen D Beakey\Application Data\Gold Audio Suite

2010-04-16 03:25 . 2010-02-01 07:13 117760 ----a-w- c:\documents and settings\Stephen D Beakey\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-16 02:56 . 2009-12-26 08:08 -------- d-----r- c:\documents and settings\All Users\Application Data\Sandlot Games

2010-04-16 01:46 . 2010-04-16 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest Software

2010-04-15 23:29 . 2009-10-25 20:59 -------- d-----r- c:\program files\Defraggler

2010-04-08 03:01 . 2010-04-08 01:54 -------- d-----w- c:\documents and settings\Stephen D Beakey\Application Data\Magic3

2010-04-03 12:55 . 2010-01-12 02:03 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-04-03 12:55 . 2010-01-12 02:03 11647592 ----a-w- c:\windows\system32\nvcompiler.dll

2010-04-03 12:55 . 2009-12-23 01:23 6432128 ----a-w- c:\windows\system32\nv4_disp.dll

2010-04-03 12:55 . 2009-12-23 01:23 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-04-03 12:55 . 2009-09-27 23:12 4075520 ----a-w- c:\windows\system32\nvcuda.dll

2010-04-03 12:55 . 2009-09-27 23:12 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-04-03 12:55 . 2009-09-27 23:12 227944 ----a-w- c:\windows\system32\nvcodins.dll

2010-04-03 12:55 . 2009-09-27 23:12 227944 ----a-w- c:\windows\system32\nvcod.dll

2010-04-03 12:55 . 2009-09-27 23:12 2183470 ----a-w- c:\windows\system32\nvdata.bin

2010-04-03 12:55 . 2009-09-27 23:12 2030184 ----a-w- c:\windows\system32\nvcuvid.dll

2010-04-03 12:55 . 2009-09-27 23:12 14757888 ----a-w- c:\windows\system32\nvoglnt.dll

2010-04-03 12:55 . 2009-09-27 23:12 1097728 ----a-w- c:\windows\system32\nvapi.dll

2010-04-03 09:23 . 2010-04-03 09:23 278120 ----a-w- c:\windows\system32\nvmccs.dll

2010-04-03 09:23 . 2010-04-03 09:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe

2010-04-03 09:23 . 2010-04-03 09:23 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-04-03 09:23 . 2010-04-03 09:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 09:23 . 2010-04-03 09:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-04-03 09:22 . 2010-04-03 09:22 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-03-31 01:58 . 2010-04-30 04:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-03-31 01:58 . 2010-04-30 04:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-03-31 01:58 . 2010-04-30 04:19 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys

2010-03-31 01:58 . 2010-04-30 04:19 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2010-04-30 04:19 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2010-04-30 04:19 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-29 01:12 . 2010-02-26 00:55 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-03-22 06:30 . 2009-12-23 01:54 222672 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-03-19 22:23 . 2010-03-27 11:57 426358 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll

2010-03-19 22:23 . 2010-03-27 11:57 373108 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll

2006-11-18 07:27 . 2006-11-18 07:27 8 --sha-r- c:\windows\neoqaz2.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13e0b548-6fc9-47e9-9874-470915f46548}]

2010-03-04 07:48 2349080 ----a-w- c:\program files\Cdcovers\tbCdc0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{13e0b548-6fc9-47e9-9874-470915f46548}"= "c:\program files\Cdcovers\tbCdc0.dll" [2010-03-04 2349080]

"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{13e0b548-6fc9-47e9-9874-470915f46548}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{13E0B548-6FC9-47E9-9874-470915F46548}"= "c:\program files\Cdcovers\tbCdc0.dll" [2010-03-04 2349080]

"{AD55C869-668E-457C-B270-0CFB2F61116F}"= "c:\program files\livetvbar\tbliv0.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{13e0b548-6fc9-47e9-9874-470915f46548}]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartupDelayer"="d:\startup delayer\Startup Launcher.exe" [2009-03-08 73728]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"BootSkin Startup Jobs"="d:\stardock\Wincustomize\Bootskin\bootskin.exe" [2004-04-26 270336]

c:\documents and settings\Stephen D Beakey\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - d:\stardock\ObjectDock\ObjectDock.exe [2007-8-7 4069232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFavoritesMenu"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"ForceCopyAclwithFile"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoStartMenuMyMusic"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "d:\stardock\ObjectDock\ODMenu.dll" [2010-03-24 511344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "d:\dvd programmes\DVD Ghost\ExecuteHooker.dll" [2004-07-27 90112]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\dvdpro~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 04:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2010-02-03 06:11 172336 ----a-w- d:\stardock\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bootvis.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FolderMarker.ico]

backup=c:\windows\pss\FolderMarker.icoCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Animated Wallpaper Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^FolderMarker.ico]

backup=c:\windows\pss\FolderMarker.icoStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Hawkscope.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Impulse Now.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^ImpulseNow.lnk]

path=

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen D Beakey^Start Menu^Programs^Startup^Scheduler.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Icon Remover

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\'Ashampoo AntiSpyWare 2 Guard']

2009-07-15 00:44 2376536 ----a-w- d:\ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2010-04-01 23:11 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]

2010-02-20 08:29 84464 ----a-w- d:\roxio\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]

2009-12-16 00:21 927072 ----a-w- d:\ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskMateAutoUpdate]

2009-04-21 05:44 25896 ----a-w- c:\progra~1\DeskMates\DeskMateAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]

2010-02-20 08:31 494064 ----a-w- d:\roxio\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]

2009-12-22 11:16 454656 ----a-w- d:\desktop icon toy\DesktopIconToy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2007-02-25 15:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

2007-07-11 06:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-05 13:40 133104 ----atw- c:\documents and settings\Stephen D Beakey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2009-05-08 07:14 1116696 ----a-w- d:\nero 9\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]

2009-01-12 11:01 681256 ----a-w- d:\cyberl~1\INSTAN~1\Win2K\IBurn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]

2009-05-08 07:14 1593880 ----a-w- d:\nero 9\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2010-03-31 13:30 1657448 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 11:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2010-02-21 09:53 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stardock Central]

2006-10-03 04:20 395000 ----a-w- d:\stardock\Component Tray\sdctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager]

2009-02-17 07:56 918760 ----a-w- d:\advanced system optimizer\startUp manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-03-05 23:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]

2005-12-20 04:39 94208 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-12-18 00:30 39424 ----a-w- d:\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XArp]

2008-03-24 16:01 1333760 ----a-w- c:\program files\XArp\XArpGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"InCDsrv"=2 (0x2)

"Bonjour Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"VideoAcceleratorService"=2 (0x2)

"RichVideo"=2 (0x2)

"iPod Service"=3 (0x3)

"Z-Cron"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"0121221240290827mcinstcleanup"=2 (0x2)

"LiveUpdate Notice"=2 (0x2)

"LiveUpdate"=3 (0x3)

"avg8emc"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"aawservice"=2 (0x2)

"WSearch"=2 (0x2)

"NMIndexingService"=3 (0x3)

"CiSvc"=2 (0x2)

"NBService"=3 (0x3)

"TermService"=3 (0x3)

"RDSessMgr"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LogMeIn"=2 (0x2)

"LMIMaint"=2 (0x2)

"ICQ Service"=2 (0x2)

"gusvc"=2 (0x2)

"gupdate1c9d099f296cc74"=2 (0x2)

"AcrSch2Svc"=2 (0x2)

"avg8wd"=2 (0x2)

"Process Blocker"=2 (0x2)

"ThreatFire"=2 (0x2)

"9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269"=3 (0x3)

"NeroRegInCDSrv"=3 (0x3)

"TGService"=3 (0x3)

"STSService"=3 (0x3)

"RGService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Desktop3D"=d:\desktop3d\Desktop3D_DX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\CyberLink\\PowerDirector\\PDR.exe"=

"d:\\FrostWire\\FrostWire.exe"=

"d:\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=

"c:\\Program Files\\360desktop\\360desktop.exe"=

"c:\\Program Files\\360desktop\\360manager.exe"=

"d:\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"d:\\Browsers\\Opera\\opera.exe"=

"d:\\Browsers\\Mozilla Firefox\\firefox.exe"=

"g:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"g:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=

"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=

"d:\\Tidy Favorites\\TidyFavorites.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [11/10/2009 1:52 AM 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [11/10/2009 1:51 AM 15856]

R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [12/03/2008 5:09 PM 15784]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [11/10/2009 1:52 AM 25584]

R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [29/03/2008 11:48 AM 95592]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/30 15:56];d:\cyberlink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [2/04/2010 9:11 AM 87536]

R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;d:\astra32\astra32.sys [22/02/2007 11:28 AM 30864]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [12/03/2008 5:09 PM 161576]

R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6/09/2007 8:15 PM 5504]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 6:22 AM 50704]

R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [9/12/2009 6:23 PM 234304]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [10/12/2009 1:39 PM 41120]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [21/01/2010 2:25 PM 27752]

S1 AvgLdx86;AVG LinkScanner


Hi Dave,

The ESET detection in the Stardock folder is indeed a false positive it seems.

ComboFix has mucked up many settings including Services, with the Event Log showing several Error messages. I will have to restore them manually.
Can you please give me a few examples of this? I reviewed all logs; no services were touched by ComboFix. However, with the amount of programs running on your computer and the registry customizations done, I am not surprised to see things are not running smoothly.

Combofix resets a few settings (for example, it hides hidden files) but it isn't supposed to make any big changes.


Elise, Don't worry about Services. By working with my Registry backup I was able to restore my defaults in the new Registry, with the only errors being the initial failure of Automatic Updates and the Diskeeper Service, which hang. I have set these Services up to restart and they do load as required. So - what next? Regards. Dave


Hi Dave, next we are done (unless you have any problem left of course) and you are good to go :P

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!
     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well
     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!
     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Elise, Before I sign off, can I assume that the file Shelllnk.tlb was the cause of my problem? I have to be able to search for whatever put this file on my system. Other than that, my system is functioning correctly and appears to be stable. The programmes mentioned in your last post are used by myself in order to keep this system up to date, so there are no fears in that direction. Could you please advise if something was received by you from PP? Thank you for your assistance. Regards. Dave


Yes, that file was indeed a baddie. However, it is very hard to say where it came from. See also the How did I get Infected link in my All clean post. There are different ways malware gets "distributed".

Please let me know if you have any other questions :P
