Jump to content

rootkit issue


dimmy84

Recommended Posts

Hi i am after some help, i have had two previous topics but have not been able to remove yet.

I have been asked to repost in here again, the two links below are the topics i previosuly created.

This rootkit keeps appearing after i remove it

http://forums.malwarebytes.org/index.php?showtopic=61539

http://forums.malwarebytes.org/index.php?s...mp;#entry304274

Link to post
Share on other sites

This is my HJT log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:23:54 PM, on 14/09/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts:

Link to post
Share on other sites

This is my HJT log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:23:54 PM, on 14/09/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts:

Link to post
Share on other sites

Hello dimmy84

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    C:\Windows\system32\Drivers\macbnrgc.sys

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

OTL logfile created on: 19/09/2010 8:59:14 PM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Dimitri\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 30.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.70 Gb Total Space | 62.46 Gb Free Space | 21.41% Space Free | Partition Type: NTFS

Drive D: | 6.39 Gb Total Space | 0.88 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 149.05 Gb Total Space | 76.30 Gb Free Space | 51.19% Space Free | Partition Type: NTFS

Computer Name: DIMITRI-PC

Current User Name: Dimitri

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Dimitri\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Dimitri\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found

SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)

SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)

SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)

SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

SRV - (M1 Server) Intel® Viiv -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (smscir) -- C:\Windows\System32\drivers\havair.sys (Monsoon Multimedia Inc.)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/26 15:44:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 08:32:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 08:32:01 | 000,000,000 | ---D | M]

[2009/12/19 00:22:39 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Extensions

[2009/12/19 00:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/08/18 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\jyuluwnq.default\extensions

[2009/12/19 00:51:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\jyuluwnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/14 09:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/11 08:32:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/03/13 07:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/08/11 08:31:43 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/08/11 08:31:43 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/03/13 07:36:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/08/11 08:31:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/10 17:33:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/06/10 17:33:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/06/10 17:33:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/06/10 17:33:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/06/10 17:33:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/11 08:31:56 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/08/11 08:31:56 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/08/11 08:31:56 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/08/11 08:31:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/08/11 08:31:56 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/08/11 08:31:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/08/11 08:31:56 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/29 19:13:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CCUTRAYICON] File not found

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photoup...NPUplden-au.cab (Windows Live Hotmail Photo Upload Tool)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/02/28 04:17:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\L:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/19 20:58:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dimitri\Desktop\OTL.exe

[2010/08/29 19:22:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2010/08/28 23:22:39 | 000,000,000 | ---D | C] -- C:\Users\Dimitri\AppData\Local\temp

[2010/08/28 23:15:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/08/28 23:02:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/08/28 23:02:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/08/28 23:02:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/08/28 23:02:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/08/28 23:02:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/08/28 23:01:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/08/28 23:01:28 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/08/24 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband

[2010/08/24 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/04/23 19:33:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dimitri\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/09/19 21:03:12 | 007,864,320 | -HS- | M] () -- C:\Users\Dimitri\ntuser.dat

[2010/09/19 21:01:59 | 000,782,848 | ---- | M] () -- C:\Windows\System32\drivers\macbnrgc.sys

[2010/09/19 20:56:43 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/19 20:56:43 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/19 20:56:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/19 20:56:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/19 20:56:02 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/19 20:56:02 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/19 20:55:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/19 20:55:47 | 1072,128,000 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/19 20:53:18 | 000,133,632 | ---- | M] () -- C:\Users\Dimitri\Desktop\RKUnhookerLE.EXE

[2010/09/19 20:52:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dimitri\Desktop\OTL.exe

[2010/09/19 07:56:29 | 000,052,224 | ---- | M] () -- C:\Users\Dimitri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/19 07:56:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/15 19:29:37 | 002,588,329 | -H-- | M] () -- C:\Users\Dimitri\AppData\Local\IconCache.db

[2010/09/14 20:21:12 | 000,002,487 | ---- | M] () -- C:\Users\Dimitri\Desktop\HiJackThis.lnk

[2010/09/13 22:18:53 | 000,185,874 | ---- | M] () -- C:\Users\Dimitri\Desktop\Picture1.png

[2010/09/12 17:15:41 | 000,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/12 17:15:41 | 000,625,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/12 17:15:41 | 000,108,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/01 20:31:52 | 000,150,917 | ---- | M] () -- C:\Users\Dimitri\Desktop\attach.zip

[2010/08/31 20:30:01 | 000,124,264 | ---- | M] () -- C:\Users\Dimitri\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/08/30 19:43:24 | 000,293,376 | ---- | M] () -- C:\Users\Dimitri\Desktop\nsfckwtr.exe

[2010/08/29 19:13:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2010/08/28 23:15:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/08/24 14:48:48 | 001,776,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/08/24 09:38:54 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk

[2010/08/24 08:30:03 | 000,182,012 | ---- | M] () -- C:\Users\Dimitri\Desktop\Doc1.docx

========== Files Created - No Company Name ==========

[2010/09/19 20:58:17 | 000,133,632 | ---- | C] () -- C:\Users\Dimitri\Desktop\RKUnhookerLE.EXE

[2010/09/13 22:18:53 | 000,185,874 | ---- | C] () -- C:\Users\Dimitri\Desktop\Picture1.png

[2010/09/02 19:19:05 | 1072,128,000 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/01 20:31:52 | 000,150,917 | ---- | C] () -- C:\Users\Dimitri\Desktop\attach.zip

[2010/09/01 19:52:35 | 000,293,376 | ---- | C] () -- C:\Users\Dimitri\Desktop\nsfckwtr.exe

[2010/08/28 23:02:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/08/28 23:02:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/08/28 23:02:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/08/28 23:02:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/08/28 23:02:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/08/24 09:38:54 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk

[2010/08/24 08:55:05 | 000,002,487 | ---- | C] () -- C:\Users\Dimitri\Desktop\HiJackThis.lnk

[2010/08/14 11:47:14 | 000,782,848 | ---- | C] () -- C:\Windows\System32\drivers\macbnrgc.sys

[2010/06/18 21:54:27 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010/06/18 21:51:12 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/12/22 13:42:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\BCGPOleAcc.dll

[2009/12/19 09:11:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2009/04/23 19:34:23 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll

[2009/04/23 19:34:14 | 000,000,034 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\pcouffin.log

[2009/04/23 19:33:31 | 000,081,920 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\ezpinst.exe

[2009/04/23 19:33:31 | 000,007,176 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\pcouffin.cat

[2009/04/23 19:33:31 | 000,001,144 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\pcouffin.inf

[2009/04/23 18:10:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/04/21 21:59:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/04/19 20:02:59 | 000,000,000 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\wklnhst.dat

[2009/03/31 18:42:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/03/28 17:21:33 | 000,000,361 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/03/28 17:13:19 | 000,052,224 | ---- | C] () -- C:\Users\Dimitri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/02/28 03:55:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll

[2007/02/28 03:55:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll

[2007/02/28 03:45:42 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[2007/01/10 21:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 22:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 17:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/08/11 16:30:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/08/11 16:30:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/06/24 03:39:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

[2004/09/17 05:54:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2009/03/29 22:17:09 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Beep Industries

[2009/12/17 15:40:20 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Canon

[2009/12/19 09:26:11 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/06/26 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Facebook

[2009/03/28 17:13:30 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\muvee Technologies

[2009/04/19 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\PCToolsFirewallPlus

[2010/06/14 11:55:00 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Pegasys Inc

[2009/04/19 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Template

[2010/08/14 11:48:49 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\uTorrent

[2010/09/13 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\VideoReDoPlus

[2009/04/23 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Vso

[2010/04/05 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\WinBatch

[2010/09/19 07:57:15 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/02/28 04:17:39 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2006/11/02 19:23:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr

[2007/02/28 03:45:12 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2010/08/28 23:22:37 | 000,017,901 | ---- | M] () -- C:\ComboFix.txt

[2006/09/19 07:13:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/09/19 20:55:47 | 1072,128,000 | -HS- | M] () -- C:\hiberfil.sys

[2009/04/19 15:31:00 | 000,000,548 | ---- | M] () -- C:\INSTALL.LOG

[2010/09/19 20:55:45 | 1386,082,304 | -HS- | M] () -- C:\pagefile.sys

[2007/02/28 04:01:21 | 000,000,396 | ---- | M] () -- C:\RHDSetup.log

[2010/08/14 23:42:59 | 000,000,456 | ---- | M] () -- C:\rkill.log

[2010/04/05 15:53:34 | 000,000,430 | ---- | M] () -- C:\updatedatfix.log

< C:\Windows\system32\Drivers\macbnrgc.sys >

[2010/09/19 21:03:30 | 000,782,848 | ---- | M] () -- C:\Windows\System32\Drivers\macbnrgc.sys

< %systemroot%\system32\*.dll /lockedfiles >

[2006/11/02 19:17:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/03/29 22:30:55 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 20:04:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 20:04:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 20:04:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 20:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 20:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/19 21:04:50 | 000,782,848 | ---- | M] () -- C:\Windows\System32\drivers\macbnrgc.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/04/01 05:30:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9H.DLL

[2008/04/01 05:30:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9H.DLL

[2006/11/02 22:05:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:0888F409

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7E95B6FD

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 19/09/2010 8:59:14 PM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Dimitri\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 30.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.70 Gb Total Space | 62.46 Gb Free Space | 21.41% Space Free | Partition Type: NTFS

Drive D: | 6.39 Gb Total Space | 0.88 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 149.05 Gb Total Space | 76.30 Gb Free Space | 51.19% Space Free | Partition Type: NTFS

Computer Name: DIMITRI-PC

Current User Name: Dimitri

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1126290750-2385104917-3700023229-1001]

"EnableNotificationsRef" = 2

"EnableNotifications" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{4FACDCE6-E4E0-4CA1-BB45-11D598125376}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv media server upnp discovery |

"{9F0EFFF2-7114-4168-BE30-B9E6E9799539}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{EFFC5142-D684-46FA-870B-A830437DE983}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00522D30-8BBE-4BD6-B71E-D0E9C9593F85}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{00B3F92F-64E1-4A1E-AC56-6E295720D136}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{09DCDFBA-AFD3-490F-82FC-607D3A76EC29}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{0A0CBBFB-5C31-4A62-9B43-E9178C70031A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{14B42B11-7BE3-4D65-A28D-C60DBDF713A2}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |

"{1798480F-B262-4619-B1A2-290DF87B2F53}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{36349488-B6E9-46E6-914F-A5DD892CB18A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{45D11E91-B226-4B36-9337-6C2DC2FE6266}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |

"{497171C0-7B71-44F7-93AC-2D711AA0B35A}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{52F77331-D776-48AA-ADC0-4979EA35D7E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5A3D5812-288A-466D-97DF-C4EF4F8F7D6F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7F9EB561-7946-447D-B2B8-BA2496CC80E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{82C3AB8F-5C08-459C-86D2-9CFC5D10CBD3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{94ED54B3-3963-4DA9-969F-5F726C7E0EA7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{97C60AE5-F2EC-4919-A98C-5C4CF3812914}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{AD14A5A2-B7FB-41DE-8547-2EF6191666AE}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{BD76C26C-5E59-42E1-9BF5-226DE68F0E4A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{BFB1F97F-0E7D-41C0-82F1-D102C07DA272}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CAEF38E9-6891-4E9B-89B8-8901429DFF47}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |

"{CC73AE22-0B13-45FB-B1B3-5E1FC09CD537}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |

"{D6E21DB3-B81F-4C37-ACBC-6E06ED432F45}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{D845E8BB-CC51-4613-89E2-061050F7CDBD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{DA11A41E-4EB7-440B-8542-91527A343081}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DA5A66EE-EED7-4C39-B25D-0946B08302F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{F61263DB-B954-4B63-B753-F86088CFEBC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F7A98ADF-197F-4F35-ACFE-E9CE5AFBA465}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{FA2EC4CD-7E7C-48DE-BF96-823F57C72E89}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |

"TCP Query User{A0E13DE2-3D20-4163-A35B-DA4469210D0E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{EC006388-261A-4784-B9EF-06B8FFD4ABDF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype

Link to post
Share on other sites

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6000

Number of processors #2

==============================================

>Drivers

==============================================

0x89EAC000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9781248 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.27 )

0x82000000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)

0x82000000 PnpManager 3805184 bytes

0x82000000 RAW 3805184 bytes

0x82000000 WMIxWDM 3805184 bytes

0x8A94C000 C:\Windows\system32\DRIVERS\3xHybrid.sys 2834432 bytes (ASUSTeK Computer Inc., 3xHybrid)

0x94000000 Win32k 2097152 bytes

0x94000000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8B05B000 C:\Windows\system32\drivers\RTKVHDA.sys 1724416 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x828F8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)

0x81EB2000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)

0x9CEE9000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8B52B000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)

0x8BA0F000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes

0x80629000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8073A000 C:\Windows\System32\Drivers\macbnrgc.sys 811008 bytes

0x89E0F000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x992B2000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)

0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0x8288E000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x9C397000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x9C250000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)

0x97020000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x806F0000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8B4E4000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)

0x8A893000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8985C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)

0x8B456000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x9CFC7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x81E4E000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)

0x81E18000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x823A1000 ACPI_HAL 212992 bytes

0x823A1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8AFB4000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x8B4B2000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x81FCF000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8AEE7000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8A8D3000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x81E87000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x89832000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0x8980A000 C:\Windows\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)

0x8AEC2000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8285A000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)

0x80434000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x9C2E1000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8A843000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8BBC8000 C:\Windows\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)

0x82828000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8AE4A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x9C323000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x80603000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x9C305000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x982F3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x9A712000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)

0x9B467000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8B042000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8A916000 C:\Windows\System32\Drivers\AnyDVD.sys 98304 bytes (SlySoft, Inc., AnyDVD Filter Driver)

0x8A8FE000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8AFE8000 C:\Windows\system32\DRIVERS\havair.sys 98304 bytes (Monsoon Multimedia Inc., Hava IR Driver for eHome)

0x9821C000 C:\Windows\system32\DRIVERS\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)

0x8BBE9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)

0x8A871000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x983CA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8B003000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8B02D000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)

0x9AD0B000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x9C343000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8B019000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8A939000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0x8A830000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x9A76D000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8B491000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x88D0B000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x9B455000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8BBB6000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0x9AD6E000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x82849000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x81FBF000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x865B0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)

0x865E0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x80415000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x865C0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)

0x86550000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x8693D000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x8287F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x81E01000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8691F000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8692E000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)

0x80425000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x88D75000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x97010000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8A809000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)

0x88C01000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)

0x8B4A4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8AE11000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x80400000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x88D83000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x86806000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8A817000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x88D1D000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0x8A824000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)

0x8AE6B000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8AE77000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)

0x8A92E000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x89E04000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8AE1F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8A866000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x9AC71000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8A888000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x88C0F000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x88D91000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x898AD000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)

0x898C1000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x89899000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x898B7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x89911000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x88C86000 C:\Windows\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)

0x8281F000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x88C98000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x88C8F000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)

0x88C59000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x81FB6000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x88CA1000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x97000000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x96DB8000 C:\Windows\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)

0x80621000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x86898000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x868B8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x868C0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x81E10000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x8682E000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x86820000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8040E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x86827000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x88DF4000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x88CF8000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)

0x88CDF000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)

0x8AEAA000 C:\Windows\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)

0x88CBF000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)

0x9B5AE000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)

0x86416000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.27 )

0x8641E000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8641A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0x8818A120 unknown_irp_handler 3808 bytes

==============================================

>Stealth

==============================================

WARNING: File locked for read access [C:\Windows\system32\drivers\macbnrgc.sys]

==============================================

>Files

==============================================

!-->[Hidden] C:\ProgramData\Microsoft\eHome\logs\mcstore-mcupdate-2010.9.20.18.20.31.log

!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\RacStability.ECF442AB01C04AB4880DD1E1F5F44D8D::$DATA

!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\RacStabilityCalc.ECF442AB01C04AB4880DD1E1F5F44D8D::$DATA

!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\WdcDataCollectionBookmark.ECF442AB01C04AB4880DD1E1F5F44D8D::$DATA

!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\WDCEvents.ECF442AB01C04AB4880DD1E1F5F44D8D::$DATA

!-->[Hidden] C:\Users\Dimitri\AppData\Local\temp\~DF81C9.tmp::$DATA

!-->[Hidden] C:\Users\Dimitri\AppData\Local\temp\~DFD494.tmp::$DATA

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0180UVV9\2778[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBL5Y3B8\IMG[1]

==============================================

>Hooks

==============================================

Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

ntkrnlpa.exe+0x0009138E, Type: Inline - RelativeJump 0x8209138E-->82091395 [ntkrnlpa.exe]

Link to post
Share on other sites

I see you have run Combofix previously go ahead and delete that copy if you still have it.

Then do the following:

===============

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

ComboFix 10-09-19.03 - Dimitri 20/09/2010 21:53:07.2.2 - x86

Running from: c:\users\Dimitri\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100910-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1368 [VPS 100910-1] *disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))

.

2010-09-20 12:31 . 2010-09-20 12:31 -------- d-----w- c:\users\Dimitri\AppData\Local\temp

2010-09-20 12:31 . 2010-09-20 12:31 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-09-20 12:31 . 2010-09-20 12:31 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2010-09-20 12:31 . 2010-09-20 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-20 12:21 . 2010-09-20 12:21 -------- d-----w- C:\32788R22FWJFW

2010-08-29 09:52 . 2010-08-29 09:52 -------- d-sh--w- c:\windows\system32\%APPDATA%

2010-08-24 00:07 . 2010-08-24 00:09 -------- d-----w- c:\program files\Optus Wireless Broadband

2010-08-23 23:25 . 2010-08-23 23:25 388096 ----a-r- c:\users\Dimitri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-23 23:25 . 2010-08-23 23:25 -------- d-----w- c:\program files\Trend Micro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-20 12:18 . 2010-06-18 12:21 32061 ----a-w- c:\programdata\nvModes.dat

2010-09-13 13:32 . 2010-04-17 00:06 -------- d-----w- c:\users\Dimitri\AppData\Roaming\VideoReDoPlus

2010-09-13 12:28 . 2010-08-02 08:42 -------- d-----w- c:\programdata\Microsoft Help

2010-08-31 11:00 . 2009-03-28 05:52 124264 ----a-w- c:\users\Dimitri\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-14 14:12 . 2010-08-14 14:12 -------- d-----w- c:\users\Dimitri\AppData\Roaming\Malwarebytes

2010-08-14 14:12 . 2010-08-14 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-14 14:12 . 2010-08-14 14:12 -------- d-----w- c:\programdata\Malwarebytes

2010-08-14 02:18 . 2009-04-19 10:11 -------- d-----w- c:\users\Dimitri\AppData\Roaming\uTorrent

2010-08-10 12:26 . 2010-07-05 11:37 -------- d-----w- c:\program files\etax2010

2010-08-07 05:26 . 2009-12-16 10:12 -------- d-----w- c:\programdata\CanonIJPLM

2010-08-02 09:04 . 2010-08-02 08:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-08-02 08:55 . 2010-08-02 08:55 -------- d-----w- c:\program files\Microsoft Works

2010-08-02 08:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

2010-08-02 08:52 . 2010-08-02 08:52 -------- d-----w- c:\program files\Microsoft.NET

2010-06-26 00:48 . 2010-06-26 00:48 50354 ----a-w- c:\users\Dimitri\AppData\Roaming\Facebook\uninstall.exe

2010-06-25 07:47 . 2010-06-25 07:47 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-25 07:42 . 2010-06-25 07:42 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-03-29 1232896]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCUTRAYICON"="FactoryMode" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-03-29 1006264]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-12 149280]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-27 185896]

"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-17 421888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\L:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-02 17:38 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 09:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nike+ Connect]

2010-05-08 01:35 299008 ----a-w- c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 06:37 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1126290750-2385104917-3700023229-1001]

"EnableNotificationsRef"=dword:00000002

R2 gupdate1c9c27c4061aeac;Google Update Service (gupdate1c9c27c4061aeac);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 133104]

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 112128]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]

--- Other Services/Drivers In Memory ---

*Deregistered* - macbnrgc

.

Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 12:25]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 12:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\jyuluwnq.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-20 22:01

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\Dimitri\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\macbnrgc]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2010-09-20 22:05:48

ComboFix-quarantined-files.txt 2010-09-20 12:35

ComboFix2.txt 2010-08-28 13:52

Pre-Run: 66,328,981,504 bytes free

Post-Run: 65,677,279,232 bytes free

- - End Of File - - 42CF7A36BA8895183B0BF9CC867EEBA1

Link to post
Share on other sites

1. Please open Notepad

  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://forums.malwarebytes.org/index.php?showtopic=62658

Driver::
macbnrgc

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\macbnrgc]

Collect::
C:\Windows\system32\drivers\macbnrgc.sys

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

Link to post
Share on other sites

1. Please open Notepad

  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

Rootkit::
c:\windows\system32\drivers\macbnrgc.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/09/19 21:04:50 | 000,782,848 | ---- | M] () -- C:\Windows\System32\drivers\macbnrgc.sys

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

=========

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

All processes killed

========== OTL ==========

C:\Windows\System32\drivers\macbnrgc.sys moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Dimitri

->Temp folder emptied: 33512 bytes

->Temporary Internet Files folder emptied: 377260 bytes

->Java cache emptied: 7140 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: IUSR_NMPR

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 26749 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.12.1 log created on 09212010_220533

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

===================================================================

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4663

Windows 6.0.6000

Internet Explorer 8.0.6001.18882

21/09/2010 10:25:36 PM

mbam-log-2010-09-21 (22-25-36).txt

Scan type: Quick scan

Objects scanned: 151339

Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

I did it twice, the first time it stopped for some reason after 35% but it said it removed 2 threats, this log below is for the second time i did it

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=24e3cd1015a9e64e8f9186cf8f710df8

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-09-21 02:37:48

# local_time=2010-09-22 12:07:48 (+0930, Cen. Australia Standard Time)

# country="Australia"

# lang=9

# osver=6.0.6000 NT

# compatibility_mode=512 16777215 100 0 2468619 2468619 0 0

# compatibility_mode=769 16775129 100 98 8310 221366477 867288 0

# compatibility_mode=5892 16776573 100 100 0 122607251 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=136116

# found=2

# cleaned=2

# scan_time=3545

C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe Win32/Packed.Themida.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\hlp.dat Win32/Bamital.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=24e3cd1015a9e64e8f9186cf8f710df8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-09-21 11:01:06

# local_time=2010-09-22 08:31:06 (+0930, Cen. Australia Standard Time)

# country="Australia"

# lang=9

# osver=6.0.6000 NT

# compatibility_mode=512 16777215 100 0 2497941 2497941 0 0

# compatibility_mode=769 16775125 100 98 5518 221395799 0 0

# compatibility_mode=5892 16776573 100 100 0 122636573 0 0

# compatibility_mode=8192 67108863 100 0 28242 28242 0 0

# scanned=184146

# found=0

# cleaned=0

# scan_time=4438

Link to post
Share on other sites

Looks good now how are things running?

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites

OTL logfile created on: 22/09/2010 8:24:20 PM - Run 2

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Dimitri\Desktop

Seems to be working ok, i can connect to the internet with no error message on this computer

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 273.00 Mb Available Physical Memory | 27.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 291.70 Gb Total Space | 58.80 Gb Free Space | 20.16% Space Free | Partition Type: NTFS

Drive D: | 6.39 Gb Total Space | 0.88 Gb Free Space | 13.80% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 22.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 149.05 Gb Total Space | 75.62 Gb Free Space | 50.73% Space Free | Partition Type: NTFS

Computer Name: DIMITRI-PC

Current User Name: Dimitri

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Dimitri\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\hp\KBD\KbdStub.exe ()

PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Dimitri\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found

SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)

SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)

SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)

SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)

SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

SRV - (M1 Server) Intel® Viiv -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (smscir) -- C:\Windows\System32\drivers\havair.sys (Monsoon Multimedia Inc.)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/26 15:44:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 08:32:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 08:32:01 | 000,000,000 | ---D | M]

[2009/12/19 00:22:39 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Extensions

[2009/12/19 00:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/08/18 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\jyuluwnq.default\extensions

[2009/12/19 00:51:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dimitri\AppData\Roaming\Mozilla\Firefox\Profiles\jyuluwnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/14 09:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/11 08:32:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/03/13 07:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/08/11 08:31:43 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/08/11 08:31:43 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/03/13 07:36:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/08/11 08:31:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/06/10 17:33:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/06/10 17:33:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/06/10 17:33:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/06/10 17:33:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/06/10 17:33:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/11 08:31:56 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/08/11 08:31:56 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/08/11 08:31:56 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/08/11 08:31:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/08/11 08:31:56 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/08/11 08:31:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/08/11 08:31:56 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/09/21 21:44:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CCUTRAYICON] File not found

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photoup...NPUplden-au.cab (Windows Live Hotmail Photo Upload Tool)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/02/28 04:17:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/08/23 04:12:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008/05/28 11:18:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\L:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/22 08:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/09/21 22:59:56 | 000,000,000 | ---D | C] -- C:\Users\Dimitri\AppData\Local\WindowsUpdate

[2010/09/21 22:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/09/21 22:05:33 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/09/21 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Dimitri\AppData\Local\temp

[2010/09/21 21:44:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2010/09/21 21:40:10 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/09/21 21:27:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/09/19 20:58:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dimitri\Desktop\OTL.exe

[2010/08/29 19:22:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2010/08/28 23:02:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/08/28 23:02:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/08/28 23:02:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/08/28 23:02:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/08/28 23:02:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/08/28 23:01:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/08/24 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband

[2010/08/24 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/04/23 19:33:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dimitri\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/09/22 20:28:55 | 007,864,320 | -HS- | M] () -- C:\Users\Dimitri\ntuser.dat

[2010/09/22 20:23:22 | 000,124,264 | ---- | M] () -- C:\Users\Dimitri\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/09/22 20:22:48 | 001,776,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/09/22 20:22:40 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/22 20:22:38 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/22 20:22:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/22 20:22:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/22 20:22:05 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/22 20:22:05 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/22 20:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/22 20:21:28 | 1072,128,000 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/22 09:26:52 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini

[2010/09/22 09:23:37 | 002,592,339 | -H-- | M] () -- C:\Users\Dimitri\AppData\Local\IconCache.db

[2010/09/22 08:56:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/22 08:43:37 | 000,080,954 | ---- | M] () -- C:\Users\Dimitri\Desktop\cache0.twr.pdf

[2010/09/22 08:43:21 | 000,067,282 | ---- | M] () -- C:\Users\Dimitri\Desktop\M1626_fo_ps_compliance.pdf

[2010/09/21 22:58:52 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/09/21 22:17:55 | 000,625,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/21 22:17:55 | 000,108,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/21 22:17:54 | 000,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/21 21:44:45 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/09/21 21:44:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/09/21 20:23:42 | 000,001,221 | ---- | M] () -- C:\CF-Submit.htm

[2010/09/21 20:14:16 | 000,095,744 | ---- | M] () -- C:\Users\Dimitri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/20 21:47:20 | 003,847,043 | R--- | M] () -- C:\Users\Dimitri\Desktop\ComboFix.exe

[2010/09/20 20:09:59 | 000,965,627 | ---- | M] () -- C:\Users\Dimitri\Desktop\mich.png

[2010/09/19 20:53:18 | 000,133,632 | ---- | M] () -- C:\Users\Dimitri\Desktop\RKUnhookerLE.EXE

[2010/09/19 20:52:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dimitri\Desktop\OTL.exe

[2010/09/14 20:21:12 | 000,002,487 | ---- | M] () -- C:\Users\Dimitri\Desktop\HiJackThis.lnk

[2010/09/13 22:18:53 | 000,185,874 | ---- | M] () -- C:\Users\Dimitri\Desktop\Picture1.png

[2010/09/01 20:31:52 | 000,150,917 | ---- | M] () -- C:\Users\Dimitri\Desktop\attach.zip

[2010/08/30 19:43:24 | 000,293,376 | ---- | M] () -- C:\Users\Dimitri\Desktop\nsfckwtr.exe

[2010/08/24 09:38:54 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk

[2010/08/24 08:30:03 | 000,182,012 | ---- | M] () -- C:\Users\Dimitri\Desktop\Doc1.docx

========== Files Created - No Company Name ==========

[2010/09/22 08:43:40 | 000,080,954 | ---- | C] () -- C:\Users\Dimitri\Desktop\cache0.twr.pdf

[2010/09/22 08:43:25 | 000,067,282 | ---- | C] () -- C:\Users\Dimitri\Desktop\M1626_fo_ps_compliance.pdf

[2010/09/21 20:23:42 | 000,001,221 | ---- | C] () -- C:\CF-Submit.htm

[2010/09/20 21:50:28 | 003,847,043 | R--- | C] () -- C:\Users\Dimitri\Desktop\ComboFix.exe

[2010/09/20 20:09:58 | 000,965,627 | ---- | C] () -- C:\Users\Dimitri\Desktop\mich.png

[2010/09/19 20:58:17 | 000,133,632 | ---- | C] () -- C:\Users\Dimitri\Desktop\RKUnhookerLE.EXE

[2010/09/13 22:18:53 | 000,185,874 | ---- | C] () -- C:\Users\Dimitri\Desktop\Picture1.png

[2010/09/02 19:19:05 | 1072,128,000 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/01 20:31:52 | 000,150,917 | ---- | C] () -- C:\Users\Dimitri\Desktop\attach.zip

[2010/09/01 19:52:35 | 000,293,376 | ---- | C] () -- C:\Users\Dimitri\Desktop\nsfckwtr.exe

[2010/08/28 23:02:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/08/28 23:02:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/08/28 23:02:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/08/28 23:02:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/08/28 23:02:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/08/24 09:38:54 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk

[2010/08/24 08:55:05 | 000,002,487 | ---- | C] () -- C:\Users\Dimitri\Desktop\HiJackThis.lnk

[2010/06/18 21:54:27 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010/06/18 21:51:12 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/12/22 13:42:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\BCGPOleAcc.dll

[2009/12/19 09:11:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/04/23 19:34:23 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll

[2009/04/23 19:34:14 | 000,000,034 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\pcouffin.log

[2009/04/23 19:33:31 | 000,081,920 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\ezpinst.exe

[2009/04/23 19:33:31 | 000,007,176 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\pcouffin.cat

[2009/04/23 19:33:31 | 000,001,144 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\pcouffin.inf

[2009/04/23 18:10:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/04/21 21:59:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/04/19 20:02:59 | 000,000,000 | ---- | C] () -- C:\Users\Dimitri\AppData\Roaming\wklnhst.dat

[2009/03/31 18:42:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/03/28 17:21:33 | 000,000,361 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/03/28 17:13:19 | 000,095,744 | ---- | C] () -- C:\Users\Dimitri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/02/28 03:55:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll

[2007/02/28 03:55:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll

[2007/02/28 03:45:42 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[2007/01/10 21:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 22:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 17:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/08/11 16:30:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/08/11 16:30:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/06/24 03:39:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

[2004/09/17 05:54:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:0888F409

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:C31F31E6

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7E95B6FD

< End of report >

Link to post
Share on other sites

Great glad things are working now :P

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.