
MalwareBytes doesn't update (Normal & Safe Mode)


rveex


This is the first time I have been majorly infected in 11 years of internet usage; please can you guys help me resolve this problem.

I recently got some malware on this house-shared computer by the name of Antimalware Doctor. I thought I had successfully removed this nasty piece of work, but I have problems with IE8: it lags and ends up hanging, so I am using Firefox for the time being. I also downloaded your software to double-check that I was clean, but when I try to update after install, and in safe mode, it gets to around 20% and the computer reboots. I did scan, with a few results, which were removed.

I also did a scan with Microsoft Security Essentials which pulled up some interesting results:

Virus:Win32/Bamital.G

file:C:\WINDOWS\explorer.exe

process:pid:1944

winlogonshell:HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:Explorer.exe

Virus:Win32/Bamital.G

file:C:\WINDOWS\system32\winlogon.exe

process:pid:744

Trojan:WinNT/Bubnix.gen!A (REMOVED)

file:C:\WINDOWS\system32\drivers\yfmnbi.sys

But the two Bamital.G infections can't be deleted/fixed by MSE and are quarantined, but I know it just reinfects itself.

Please help.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4874

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

23/10/2010 05:04:36

mbam-log-2010-10-23 (05-04-36).txt

Scan type: Quick scan

Objects scanned: 145607

Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

DDS (Ver_10-10-21.02) - NTFSx86

Run by User at 5:11:13.42 on 23/10/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1415 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ze4yc9qf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-23 165584]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-23 40384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-5-16 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

S1 imxpdjcp;imxpdjcp;\??\c:\windows\system32\drivers\imxpdjcp.sys --> c:\windows\system32\drivers\imxpdjcp.sys [?]

S1 yeafzqan;yeafzqan;\??\c:\windows\system32\drivers\yeafzqan.sys --> c:\windows\system32\drivers\yeafzqan.sys [?]

S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-23 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-23 40384]

S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]

=============== Created Last 30 ================

2010-10-23 01:19:33 507904 ----a-w- c:\windows\system32\winlogon.exe

2010-10-23 01:18:08 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{d65d1ab3-010d-4609-97d7-65b750aee0e6}\mpengine.dll

2010-10-23 01:00:01 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-10-22 23:58:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-22 23:58:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-22 23:34:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-22 14:46:46 38848 ----a-w- c:\windows\avastSS.scr

2010-10-22 14:46:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-10-22 04:09:19 -------- d-sha-r- C:\cmdcons

2010-10-22 02:03:54 192 ----a-w- c:\docume~1\user\applic~1\5190.bat

2010-10-22 02:03:51 193 ----a-w- c:\docume~1\user\applic~1\28302.bat

2010-10-22 02:03:47 193 ----a-w- c:\docume~1\user\applic~1\34459.bat

2010-10-12 21:08:35 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-09 23:01:30 -------- d-----w- c:\documents and settings\user\.shsh

2010-10-07 19:24:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX

2010-09-30 22:26:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-30 22:26:57 410976 ----a-w- c:\windows\system32\deploytk.dll

2010-09-30 22:25:24 -------- d-----w- c:\program files\PS3 Media Server

==================== Find3M ====================

2010-10-23 01:19:32 1033728 ----a-w- c:\windows\explorer.exe

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-04 08:20:32 116 ----a-w- c:\docume~1\alluse~1\applic~1\xlink.sys

============= FINISH: 5:13:07.04 ===============

Attach.zip


:D

Those two files are infected system files, which are a bit harder to replace with legit ones.

Step 1.

ComboFix:

Download ComboFix from one of these locations:

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications.
    They may otherwise interfere with our tools.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2.

CKScanner:

Download CKScanner from here

Important : Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.

Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of CKFiles.txt from step 2.


Thanks for your quick reply your help is much appreciated.

I was unsure if you wanted the log contents posted or attached to the post so I have done both.

ComboFix 10-10-22.05 - User 23/10/2010 12:58:37.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1547 [GMT 1:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

PEV Error: AppFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))

.

2010-10-23 01:19 . 2010-10-23 01:19 507904 ----a-w- c:\windows\system32\winlogon.exe

2010-10-23 01:18 . 2010-10-18 08:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D65D1AB3-010D-4609-97D7-65B750AEE0E6}\mpengine.dll

2010-10-23 01:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-10-23 01:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-10-23 01:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-10-23 01:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-10-23 01:10 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-10-23 01:10 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-10-23 01:10 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-10-23 01:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-10-23 01:10 . 2010-10-23 01:10 -------- d-----w- c:\program files\Alwil Software

2010-10-23 01:00 . 2010-10-23 01:00 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-10-23 00:35 . 2010-10-23 00:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

2010-10-22 23:58 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-22 23:58 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-22 23:34 . 2010-10-23 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-22 14:46 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-22 14:46 . 2010-10-22 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-10-22 02:37 . 2010-10-22 02:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-22 02:17 . 2010-10-22 02:18 -------- d-----w- c:\documents and settings\Administrator

2010-10-22 02:03 . 2010-10-22 02:03 192 ----a-w- c:\documents and settings\User\Application Data\5190.bat

2010-10-22 02:03 . 2010-10-22 02:03 193 ----a-w- c:\documents and settings\User\Application Data\28302.bat

2010-10-22 02:03 . 2010-10-22 02:03 193 ----a-w- c:\documents and settings\User\Application Data\34459.bat

2010-10-12 21:08 . 2008-04-14 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-10 01:30 . 2010-10-10 01:30 -------- d-----w- c:\windows\Sun

2010-10-09 23:01 . 2010-10-09 23:14 -------- d-----w- c:\documents and settings\User\.shsh

2010-10-07 19:24 . 2010-10-07 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-09-30 22:26 . 2010-09-30 22:26 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-30 22:26 . 2010-09-30 22:26 410976 ----a-w- c:\windows\system32\deploytk.dll

2010-09-30 22:26 . 2010-09-30 22:26 -------- d-----w- c:\program files\Java

2010-09-30 22:25 . 2010-09-30 22:29 -------- d-----w- c:\program files\PS3 Media Server

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-23 01:19 . 2008-04-14 13:00 1033728 ----a-w- c:\windows\explorer.exe

2010-09-18 11:23 . 2008-04-14 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-14 13:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-01 11:51 . 2008-04-14 13:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-04-14 13:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 13:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 13:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 13:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-11-09 15:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 13:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 13:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 13:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-04 08:20 . 2010-08-04 08:10 116 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys

.

------- Sigcheck -------

[-] 2010-10-23 . 65310795D0670303C8A480E982B86C58 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2010-10-23 . 95B52BF9DE18372F41946E3B53B21CFD . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-08-13 . 5223357CDF638BFEBF9F3A87C7C562F7 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-30 136600]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]

2008-08-26 15:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2002-06-18 01:01 155648 ----a-w- c:\program files\VERITAS Software\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\User\\Desktop\\umbrella-4.1.6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/10/2010 02:11 165584]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [16/05/2009 17:15 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]

S1 imxpdjcp;imxpdjcp;\??\c:\windows\system32\drivers\imxpdjcp.sys --> c:\windows\system32\drivers\imxpdjcp.sys [?]

S1 yeafzqan;yeafzqan;\??\c:\windows\system32\drivers\yeafzqan.sys --> c:\windows\system32\drivers\yeafzqan.sys [?]

S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]

S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 09:40 217088]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2009 03:10 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-23 13:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89D8D446]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28

\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8

\Driver\atapi -> atapi.sys @ 0xb7f11852

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Intel® PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7e0abb0

PacketIndicateHandler -> NDIS.sys @ 0xb7e17a21

SendHandler -> NDIS.sys @ 0xb7df587b

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-10-23 13:12:09

ComboFix-quarantined-files.txt 2010-10-23 12:12

Pre-Run: 18,339,672,064 bytes free

Post-Run: 18,423,238,656 bytes free

- - End Of File - - 1077D83885A0525803CF886DDAFF6A14

CKScanner - Additional Security Risks - These are not necessarily bad

c:\apps\guitar pro tabs\guitar pro tabs\f\faith no more - crack hitler.gp3

c:\apps\guitar pro tabs\guitar pro tabs\f\focus - crackers.gp4

c:\apps\guitar pro tabs\guitar pro tabs\j\john death - cracked up.gp4

c:\apps\guitar pro tabs\guitar pro tabs\l\leftover crack - gang control.gp4

c:\apps\guitar pro tabs\guitar pro tabs\l\leftover crack - nazi white trash.gp4

c:\apps\guitar pro tabs\guitar pro tabs\l\leftover crack - operation mouve.gp4

c:\apps\guitar pro tabs\guitar pro tabs\l\limp bizkit - crack addict (2).gp4

c:\apps\guitar pro tabs\guitar pro tabs\l\limp bizkit - crack addict (3).gp4

c:\apps\guitar pro tabs\guitar pro tabs\l\limp bizkit - crack addict.gp4

c:\apps\guitar pro tabs\guitar pro tabs\m\malmsteen, yngwie - cracking the whip.gp4

c:\apps\guitar pro tabs\guitar pro tabs\n\nada surf - firecracker.gp4

c:\apps\guitar pro tabs\guitar pro tabs\p\pixies - crackity jones.gp3

c:\apps\guitar pro tabs\guitar pro tabs\s\soliz, david - crack kills.gp4

c:\apps\guitar pro tabs\guitar pro tabs\s\stone temple pilots - crackerman (2).gp3

c:\apps\guitar pro tabs\guitar pro tabs\s\stone temple pilots - crackerman.gp3

c:\apps\guitar pro tabs\guitar pro tabs\t\tchaikovsky, pioter ilych - nutcracker suite miniature overture.gp4

c:\apps\guitar pro tabs\guitar pro tabs\t\tchaikovsky, pioter ilych - waltz of the flowers from the nutcracker ballet, op. 71.gp3

c:\apps\guitar pro tabs\k-l\k-l\limp bizkit - crack addict.gp4

c:\apps\guitar pro tabs\n-o\n-o\nada surf - firecracker.gp4

c:\apps\guitar pro tabs\p\p\pixies - crackity jones.gp3

c:\apps\guitar pro tabs\powertab tabs\stone temple pilots - crackerman.ptb

c:\apps\guitar pro tabs\s\s\stone temple pilots - crackerman (2).gp3

c:\apps\guitar pro tabs\s\s\stone temple pilots - crackerman.gp3

c:\apps\guitar pro tabs\t-u\t-u\tchaikovsky, pioter ilych - nutcracker suite_ miniature overture.gp4

c:\apps\guitar pro tabs\t-u\t-u\tchaikovsky, pioter ilych - waltz of the flowers from the nutcracker ballet, op. 71.gp3

c:\documents and settings\user\my documents\ableton\presets\audio effects\vinyl distortion\crack.adv

c:\documents and settings\user\my documents\my music\kanye west\late orchestration_ live at abbey road studios\._03 crack music.m4a

c:\documents and settings\user\my documents\my music\kanye west\late orchestration_ live at abbey road studios\03 crack music.m4a

c:\documents and settings\user\my documents\my music\ryan adams\gold\._02 firecracker.m4a

c:\documents and settings\user\my documents\my music\ryan adams\gold\02 firecracker.m4a

scanner sequence 3.ZZ.11

----- EOF -----

ComboFix.zip

ckfiles.zip


I was unsure if you wanted the log contents posted or attached to the post so I have done both.
If I don't ask you to attach them, then don't, just paste them in. (Should they for some reason be very lengthy then attach them)

This is fixable

I need to find good replacements for those system files.

While I do that can you please run two Rootkit scanners.

Step 1.

GMER:

GMER Rootkit Scanner - Download here or here - Homepage

Why? Rootkits can generally be removed effectively, but they need to be removed before other malware can be cleaned, and they sometimes interfere with some of the tools we use. If you start a new topic, please include the GMER log as an initial check for the presence of rootkits:

  1. Extract the contents of the zipped file to desktop.
  2. Double click GMER.exe.
  3. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  4. In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  5. Then click the Scan button & wait for it to finish.
  6. Once done click on the [save..] button, and in the File name area, type in "ark.txt"
  7. Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.

Step 2.

Rootkit Unhooker:

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Step 3.

Things I would like to see in your reply:

  • The content of the log from GMER in step 1.
  • The content of the log from RKU in step 2.


Yes.

Also try running GMER with only these boxes checked

Sections

Files

C:\

Please also do this:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    explorer.exe
    winlogon.exe
    sfcfiles.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


The problem with GMER is that when I open/run the exe it loads, but when I go to uncheck any of the options the whole program freezes/hangs and an "unresponsive" error occurs.

Here are the requested logs:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB6320000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7659520 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 191.07 )

0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5902336 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 191.07 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xACAB3000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)

0xB7E22000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA7762000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB6195000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA7847000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0x9EB2E000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x9ECC6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB61F3000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB62B7000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 184320 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)

0x9ED57000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB7DF5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA77D2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB62E4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA781F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0x9FC35000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)

0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xA773C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB626E000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 151552 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)

0x9F05F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xACA8F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB6293000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB624B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xACA4C000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0xA77FD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB7EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB7DDB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0x9FC0C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0x9F0AB000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xB7EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB6234000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x9E45F000 C:\DOCUME~1\User\LOCALS~1\Temp\pxtdapow.sys 94208 bytes

0x9EF82000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB630C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA78A0000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xB7EAF000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB7ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB6223000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0x9FC24000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)

0xB6CED000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB6D0D000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xA0CD1000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xAD5A4000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xB6CDD000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB252F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xAD594000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xB6B92000 C:\WINDOWS\system32\DRIVERS\cledx.sys 57344 bytes (Team H2O, Team H2O CLEDX DevWhore)

0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xB6CBD000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB6CCD000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)

0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xB6C9D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xAB9F4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xB6CFD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xB6CAD000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xABA14000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xB82F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xB8118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xB6BA2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xABA34000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xB6D1D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xB6C8D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xABA04000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB8218000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xA0CE1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xB8388000 C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys 32768 bytes

0xABCC9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xB6C5D000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xABCE9000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xA1137000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xA0B75000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xB6C55000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xB6C2D000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xB6C4D000 C:\WINDOWS\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)

0xB8380000 C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys 24576 bytes

0xB6C25000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xB83A0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xABCD9000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xABCD1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xB6C3D000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xB6C35000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xB6C45000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xA0B65000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0x9F037000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)

0xA1F6E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB8564000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA0C71000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xB84BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xA0C6D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xAC3D2000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x89D50000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xA1F76000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB8548000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xABE8C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB85E6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xB85AA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xB85C8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xB85E4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xB85E8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xAB77A000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)

0xABB79000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes

0xB8624000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xB85EA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xB8648000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xB85A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xB877E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0x9FDF6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xA7BB9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

!!!!!!!!!!!Hidden driver: 0x89D8D292 ?_empty_? 3438 bytes

==============================================

>Stealth

==============================================

0xB7F0B000 WARNING: suspicious driver modification [atapi.sys::0x89D8D292]

SystemLook 04.09.10 by jpshortstuff

Log created at 14:04 on 23/10/2010 by User

Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"

C:\WINDOWS\explorer.exe --a---- 1033728 bytes [13:00 14/04/2008] [01:19 23/10/2010] 95B52BF9DE18372F41946E3B53B21CFD

Searching for "winlogon.exe"

C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [01:19 23/10/2010] [01:19 23/10/2010] 65310795D0670303C8A480E982B86C58

Searching for "sfcfiles.dll"

C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [23:26 13/08/2008] [23:26 13/08/2008] 5223357CDF638BFEBF9F3A87C7C562F7

-= EOF =-

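The RkU driver/stealth lines and the SystemLook filefind lines in the post above can be triaged mechanically: the hidden-driver address reappearing inside the atapi.sys warning ties those two findings together, and the SystemLook timestamps show which system files were written the night of the infection. The Python below is an added example, not code from this thread or from either tool; the sample lines are copied in shape from the posted logs, the assumption that SystemLook prints the creation timestamp before the last-write timestamp is mine (it fits the explorer.exe entry, whose 2008 SP3 date appears first), and the severity labels are my own.

```python
"""Triage helpers for Rootkit Unhooker (RkU) driver/stealth output and
SystemLook ':filefind' output. Added example, not part of the thread."""
import re
from datetime import datetime, timedelta

# Sample lines, copied in shape from the logs posted in this thread.
RKU_SAMPLE = """\
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9FC0C000 C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys 98304 bytes
0x9E45F000 C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\pxtdapow.sys 94208 bytes
0xB8218000 C:\\WINDOWS\\System32\\Drivers\\Normandy.SYS 36864 bytes (RKU Driver)
!!!!!!!!!!!Hidden driver: 0x89D8D292 ?_empty_? 3438 bytes
0xB7F0B000 WARNING: suspicious driver modification [atapi.sys::0x89D8D292]
"""

SYSTEMLOOK_SAMPLE = """\
Log created at 14:04 on 23/10/2010 by User
C:\\WINDOWS\\explorer.exe --a---- 1033728 bytes [13:00 14/04/2008] [01:19 23/10/2010] 95B52BF9DE18372F41946E3B53B21CFD
C:\\WINDOWS\\system32\\winlogon.exe --a---- 507904 bytes [01:19 23/10/2010] [01:19 23/10/2010] 65310795D0670303C8A480E982B86C58
C:\\WINDOWS\\system32\\sfcfiles.dll --a---- 1614848 bytes [23:26 13/08/2008] [23:26 13/08/2008] 5223357CDF638BFEBF9F3A87C7C562F7
"""

DRIVER_RE = re.compile(r"^(0x[0-9A-F]+) (.+?) (\d+) bytes(?: \((.*)\))?$")
HIDDEN_RE = re.compile(r"^!+Hidden driver: (0x[0-9A-F]+) (\S+) (\d+) bytes")
WARN_RE = re.compile(r"^(0x[0-9A-F]+) WARNING: (.+?) \[(\S+)::(0x[0-9A-F]+)\]$")


def triage_rku(text):
    """Return (severity, reason, subject) findings from RkU driver/stealth lines."""
    findings, hidden_addrs = [], set()
    for line in text.splitlines():
        if m := HIDDEN_RE.match(line):
            hidden_addrs.add(m.group(1))
            findings.append(("high", "hidden driver with no on-disk name", m.group(1)))
        elif m := WARN_RE.match(line):
            reason = m.group(2)
            if m.group(4) in hidden_addrs:
                # The patched module points at the hidden code: one finding, not two.
                reason += " (points at the hidden driver above)"
            findings.append(("high", reason, m.group(3)))
        elif m := DRIVER_RE.match(line):
            path, vendor = m.group(2), m.group(4)
            if "\\temp\\" in path.lower():
                # Scanner helper drivers (catchme.sys, mbr.sys) also load from Temp,
                # so this is a lead to verify against the tools that were run, not a verdict.
                findings.append(("medium", "driver loaded from a Temp directory", path))
            elif vendor is None:
                findings.append(("low", "no vendor/description string", path))
    return findings


LOGDATE_RE = re.compile(r"^Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")
FILE_RE = re.compile(
    r"^(.+?) (\S{7}) (\d+) bytes \[(\d\d:\d\d \d\d/\d\d/\d{4})\]"
    r" \[(\d\d:\d\d \d\d/\d\d/\d{4})\] ([0-9A-Fa-f]{32})$")
TS = "%H:%M %d/%m/%Y"


def triage_systemlook(text, window_days=7):
    """Flag files whose last-write time falls within window_days of the log date.

    Assumption: SystemLook prints [created] then [modified].
    """
    log_time, results = None, {}
    for line in text.splitlines():
        if m := LOGDATE_RE.match(line):
            log_time = datetime.strptime(f"{m.group(1)} {m.group(2)}", TS)
        elif m := FILE_RE.match(line):
            path, size, md5 = m.group(1), int(m.group(3)), m.group(6).upper()
            created = datetime.strptime(m.group(4), TS)
            modified = datetime.strptime(m.group(5), TS)
            recent = log_time is not None and log_time - modified <= timedelta(days=window_days)
            results[path] = {
                "size": size, "md5": md5, "created": created, "modified": modified,
                "recently_modified": recent,
                # created == modified on a recently written file means the whole
                # file was dropped in place, rather than an existing copy patched.
                "replaced": recent and created == modified,
            }
    return results


if __name__ == "__main__":
    for sev, reason, subject in triage_rku(RKU_SAMPLE):
        print(f"[{sev:6}] {subject}: {reason}")
    for path, info in triage_systemlook(SYSTEMLOOK_SAMPLE).items():
        flag = "REPLACED" if info["replaced"] else "MODIFIED" if info["recently_modified"] else "ok"
        print(f"{flag:8} {path} md5={info['md5']} modified={info['modified']:%d/%m/%Y %H:%M}")
```

Run against the full logs, the explorer.exe and winlogon.exe entries are flagged while sfcfiles.dll is not, which is the same split the helper is working from when asking for clean replacements.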

Rename gmer.exe to svchost.com and try again.

If that fails reboot into safemode and try once more.

Let's try another scan for those system files.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 90 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs

    msconfig

    safebootminimal

    safebootnetwork

    activex

    drivers32

    %SYSTEMDRIVE%\*.exe

    %ALLUSERSPROFILE%\Application Data\*.

    %ALLUSERSPROFILE%\Application Data\*.exe /s

    %APPDATA%\*.

    %APPDATA%\*.exe /s

    %systemroot%\*. /mp /s

    /md5start

    atapi.sys

    explorer.exe

    winlogon.exe

    sfcfiles.dll

    /md5stop

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


I changed the GMER file name/extension as requested and ran it in both normal and safe mode, but the same error happens; it hangs.

Here are the OTL logs as requested:

OTL logfile created on: 23/10/2010 14:51:07 - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 17.18 Gb Free Space | 7.38% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 14:16:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

PRC - [2010/10/23 02:19:32 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2010/10/12 23:02:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/09/14 17:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

PRC - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2005/10/23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/23 14:16:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/09/14 17:56:44 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll

MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/16 18:09:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\yeafzqan.sys -- (yeafzqan)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\imxpdjcp.sys -- (imxpdjcp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/09/14 17:56:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/09/14 17:56:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/04/04 03:10:28 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 01:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)

DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)

DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)

DRV - [2005/03/31 18:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2005/03/15 17:26:00 | 000,148,608 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)

DRV - [1997/12/23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 00 67 57 41 72 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 01:35:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 01:35:08 | 000,000,000 | ---D | M]

[2010/10/23 01:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/10/23 01:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\extensions

[2010/10/23 01:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/23 01:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/12 21:09:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/12 21:09:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/12 21:09:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/12 21:09:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/22 05:26:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/14 11:43:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - D:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: StorageGuard - hkey= - key= - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework

ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)

ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.

ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.mp43 - C:\WINDOWS\System32\MPG4C32.DLL (Microcrap Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 14:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/10/23 14:16:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2010/10/23 13:46:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/23 12:48:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/23 12:48:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/23 12:48:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/23 12:47:58 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/10/23 12:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/23 02:11:02 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/10/23 02:11:02 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/10/23 02:11:01 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/10/23 02:11:00 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/10/23 02:10:59 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/10/23 02:10:59 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/10/23 02:10:59 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/10/23 02:10:44 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/10/23 02:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/10/23 02:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/23 01:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla

[2010/10/23 01:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla

[2010/10/23 01:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/10/23 01:07:51 | 006,259,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-rules.exe

[2010/10/23 00:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/23 00:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/23 00:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/23 00:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2010/10/22 23:43:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe

[2010/10/22 15:46:46 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/10/22 15:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/10/22 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/22 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/22 05:09:19 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/22 05:04:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/22 05:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/22 03:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/22 03:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/10/22 03:27:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/10/22 03:03:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/10 02:30:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/10/10 00:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.shsh

[2010/10/07 20:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

[2010/10/07 08:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/06 21:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads

[2010/09/30 23:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/09/30 23:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun

[2010/09/30 23:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

[2010/09/02 17:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2010/09/02 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix

[2010/08/29 03:35:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2010/08/22 08:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\real

========== Files - Modified Within 90 Days ==========

[2010/10/23 14:46:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/23 14:40:58 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/23 14:40:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/23 14:16:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2010/10/23 14:04:29 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

[2010/10/23 13:47:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE

[2010/10/23 13:47:15 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2010/10/23 13:38:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/23 13:21:36 | 000,004,930 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.zip

[2010/10/23 13:21:24 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ckfiles.zip

[2010/10/23 12:43:52 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe

[2010/10/23 12:43:46 | 003,884,040 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe

[2010/10/23 05:40:12 | 000,004,784 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Attach.zip

[2010/10/23 05:07:19 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable

[2010/10/23 05:01:01 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr

[2010/10/23 04:59:59 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avira_antivir_personal_en.exe

[2010/10/23 04:59:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe

[2010/10/23 02:11:02 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/10/23 02:11:00 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/10/23 02:00:03 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/23 01:59:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/23 01:55:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/23 01:45:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/23 01:35:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/10/23 01:35:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 01:35:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 01:16:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/23 01:07:57 | 006,259,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-rules.exe

[2010/10/23 00:54:34 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\User\Desktop\mbam-clean.exe

[2010/10/22 23:43:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe

[2010/10/22 13:03:34 | 000,000,327 | -HS- | M] () -- C:\boot.ini

[2010/10/22 05:26:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/10/22 04:29:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2010/10/22 03:03:54 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\User\Application Data\5190.bat

[2010/10/22 03:03:51 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\User\Application Data\28302.bat

[2010/10/22 03:03:47 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\User\Application Data\34459.bat

[2010/10/22 00:52:26 | 000,602,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\version1.png

[2010/10/22 00:46:27 | 000,416,403 | ---- | M] () -- C:\Documents and Settings\User\Desktop\version1.jpg

[2010/10/19 22:19:24 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\svchost.com

[2010/10/13 10:55:43 | 001,693,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/11 09:17:38 | 000,081,880 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/10 01:24:47 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\User\Desktop\limera1n.exe

[2010/10/10 01:20:25 | 000,000,819 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella

[2010/10/09 23:29:45 | 005,159,936 | ---- | M] () -- C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe

[2010/10/08 17:18:14 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/08 17:18:14 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/06 20:41:14 | 000,881,788 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CD.jpg

[2010/09/30 23:25:39 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/09/30 23:24:29 | 015,314,705 | ---- | M] () -- C:\Documents and Settings\User\Desktop\pms-setup-windows-1.10.51.exe

[2010/09/23 12:46:03 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2010/09/22 19:38:19 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Work experiance info 4 BIMM.rtf

[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/09/03 11:22:10 | 000,095,257 | ---- | M] () -- C:\Documents and Settings\User\Desktop\38635_484037237221_671367221_6862920_4394707_n.jpg

[2010/09/02 17:34:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk

[2010/08/30 21:47:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/08/14 09:11:24 | 001,543,988 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VERITAS Software.rar

[2010/08/04 09:20:32 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xlink.sys

========== Files Created - No Company Name ==========

[2010/10/23 14:03:48 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

[2010/10/23 13:48:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\User\Desktop\svchost.com

[2010/10/23 13:47:24 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE

[2010/10/23 13:47:15 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2010/10/23 13:21:36 | 000,004,930 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.zip

[2010/10/23 13:21:24 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ckfiles.zip

[2010/10/23 12:48:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/23 12:48:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/23 12:48:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/23 12:48:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/23 12:48:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/23 12:43:49 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe

[2010/10/23 12:43:29 | 003,884,040 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe

[2010/10/23 05:40:12 | 000,004,784 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Attach.zip

[2010/10/23 05:07:14 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable

[2010/10/23 05:00:53 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr

[2010/10/23 04:59:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe

[2010/10/23 04:58:22 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avira_antivir_personal_en.exe

[2010/10/23 02:11:02 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/10/23 02:05:16 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/23 02:00:03 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/23 01:35:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/10/23 01:35:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 01:35:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 00:54:34 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\User\Desktop\mbam-clean.exe

[2010/10/23 00:34:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/22 05:09:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/10/22 05:09:21 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/22 04:29:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2010/10/22 03:03:54 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\User\Application Data\5190.bat

[2010/10/22 03:03:51 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\User\Application Data\28302.bat

[2010/10/22 03:03:47 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\User\Application Data\34459.bat

[2010/10/22 00:52:24 | 000,602,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\version1.png

[2010/10/22 00:46:26 | 000,416,403 | ---- | C] () -- C:\Documents and Settings\User\Desktop\version1.jpg

[2010/10/10 01:24:45 | 000,327,680 | ---- | C] () -- C:\Documents and Settings\User\Desktop\limera1n.exe

[2010/10/10 00:38:25 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\User\umbrella0.log

[2010/10/09 23:29:34 | 005,159,936 | ---- | C] () -- C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe

[2010/10/06 20:41:13 | 000,881,788 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CD.jpg

[2010/09/30 23:25:39 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/09/30 23:24:29 | 015,314,705 | ---- | C] () -- C:\Documents and Settings\User\Desktop\pms-setup-windows-1.10.51.exe

[2010/09/23 12:37:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/09/22 18:47:36 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Work experiance info 4 BIMM.rtf

[2010/09/03 11:23:52 | 000,095,257 | ---- | C] () -- C:\Documents and Settings\User\Desktop\38635_484037237221_671367221_6862920_4394707_n.jpg

[2010/09/02 17:34:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk

[2010/08/14 09:11:22 | 001,543,988 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VERITAS Software.rar

[2010/08/04 09:10:24 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xlink.sys

[2009/12/18 17:55:03 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/09 22:12:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/11/09 22:12:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/09 22:12:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/09 22:12:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/09 16:23:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2009/05/02 14:10:48 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/02/20 16:01:13 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/19 22:32:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2009/02/14 12:23:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/02/14 11:33:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/01/28 19:50:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2002/09/08 19:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2001/08/31 16:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll

========== LOP Check ==========

[2010/10/22 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/04/04 03:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/10/31 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2009/02/14 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/17 20:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/07 15:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/02/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ableton

[2010/08/29 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVI ReComp

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools

[2009/04/04 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro

[2009/12/17 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iWin

[2010/04/16 04:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam

[2010/09/02 17:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2010/04/16 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC

[2009/04/04 14:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3

[2009/12/17 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop

[2009/10/31 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2010/07/12 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify

[2009/05/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg

[2010/05/30 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StreamTorrent

[2009/03/13 17:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VERITAS

[2010/10/23 14:46:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

[2009/05/16 18:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/10/22 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/07/07 19:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/07/07 15:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/04/04 03:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009/02/14 12:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2010/10/07 20:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX

[2009/05/02 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2010/10/07 08:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/23 00:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/23 02:00:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/11/09 16:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2009/11/09 20:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/10/31 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2009/02/14 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/17 20:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks

[2009/11/09 16:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/11/09 16:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/05/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/07 15:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/06/15 20:01:34 | 000,072,504 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

[2008/08/26 23:58:08 | 018,598,696 | ---- | M] (PC-Doctor, Inc.) -- C:\Documents and Settings\All Users\Application Data\Dell\DellSupportCenter\installer\Setup.exe

[2010/10/07 20:25:22 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

[2010/10/07 20:25:51 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

[2009/11/11 15:59:22 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

[2009/11/11 15:59:26 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

[2009/11/11 15:59:26 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe

[2010/10/07 20:25:52 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

[2010/10/07 20:25:55 | 000,056,765 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

[2010/10/07 20:25:52 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

[2010/10/07 20:25:53 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

[2010/10/07 20:25:54 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

[2010/10/07 20:25:55 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

[2010/10/07 20:25:50 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

[2010/10/07 20:25:30 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

[2010/10/22 23:21:35 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

[2010/10/07 20:24:14 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

[2010/10/07 20:25:55 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe

[2009/02/14 12:20:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE

< %APPDATA%\*. >

[2009/02/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ableton

[2010/04/24 23:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe

[2009/07/08 09:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apple Computer

[2010/08/29 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVI ReComp

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools

[2009/04/04 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro

[2009/02/20 19:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DivX

[2010/04/25 12:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss

[2010/04/21 23:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Google

[2009/02/14 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities

[2010/07/07 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IGN_DLM

[2009/02/14 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InstallShield

[2009/12/17 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iWin

[2009/04/30 20:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia

[2010/10/23 00:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Malwarebytes

[2010/04/16 04:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam

[2009/03/05 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Media Player Classic

[2010/03/22 19:02:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft

[2010/09/02 17:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2009/11/09 16:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Motive

[2010/10/23 01:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla

[2010/04/16 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC

[2009/04/04 14:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3

[2009/12/17 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop

[2009/10/31 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2010/07/12 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify

[2009/05/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg

[2010/05/30 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StreamTorrent

[2010/09/30 23:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun

[2010/05/29 23:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TVU Networks

[2010/09/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\U3

[2009/03/13 17:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VERITAS

[2009/03/20 16:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc

[2009/03/20 13:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Winamp

[2009/02/20 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinRAR

< %APPDATA%\*.exe /s >

[2010/03/22 19:02:55 | 000,029,184 | R--- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

[2010/05/29 23:05:36 | 005,642,000 | ---- | M] (TVU networks) -- C:\Documents and Settings\User\Application Data\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\User\Application Data\U3\temp\cleanup.exe

[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\User\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< MD5 for: ATAPI.SYS >

[2008/04/14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >

[2010/10/23 02:19:32 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=95B52BF9DE18372F41946E3B53B21CFD -- C:\WINDOWS\explorer.exe

< MD5 for: SFCFILES.DLL >

[2008/08/14 00:26:46 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=5223357CDF638BFEBF9F3A87C7C562F7 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: WINLOGON.EXE >

[2010/10/23 02:19:32 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=65310795D0670303C8A480E982B86C58 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\config\*.sav >

[2009/02/14 11:31:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/02/14 11:31:16 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/02/14 11:31:15 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys

[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys

[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys

[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys

[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys

[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys

[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys

[2010/08/26 14:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2

< End of report >

OTL Extras logfile created on: 23/10/2010 14:51:07 - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 17.18 Gb Free Space | 7.38% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe" = C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow Update Manager

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1B72584-0322-4D98-A247-9052370A1844}" = War Leaders - Clash of Nations

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"Alt.Binz" = Alt.Binz 0.25.0

"AVI ReComp" = AVI ReComp 1.4.6

"Avisynth" = AviSynth 2.5

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BT Yahoo! Applications" = BT Yahoo! Applications

"BTHomeHub" = BTHomeHub

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"Football Manager 2010" = Football Manager 2010

"InterVideo WinDVD" = InterVideo WinDVD

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Full)

"Live 6.0.1" = Live 6.0.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"MKVtoolnix" = MKVtoolnix 4.2.0

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"NVIDIA Drivers" = NVIDIA Drivers

"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1

"PROSet" = Intel® PRO Network Connections Drivers

"SopCast" = SopCast 3.2.4

"Spotify" = Spotify

"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944

"SyncroSoft Emu" = SyncroSoft Emu (Remove only)

"Syncrosoft's License Control" = Syncrosoft's License Control

"TVUPlayer" = TVUPlayer 2.5.2.2

"VLC media player" = VLC media player 0.9.8a

"VobSub" = VobSub 2.23

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 23/10/2010 09:26:43 | Computer Name = PEZ | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.2.16.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 23/10/2010 09:27:06 | Computer Name = PEZ | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.2.16.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 23/10/2010 09:29:23 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:29:23 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:29:23 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:29:23 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:40:59 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:41:00 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:41:00 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 09:41:00 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]

Error - 23/10/2010 07:52:10 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 23/10/2010 07:55:56 | Computer Name = PEZ | Source = Service Control Manager | ID = 7000

Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 23/10/2010 07:57:48 | Computer Name = PEZ | Source = Service Control Manager | ID = 7022

Description = The Automatic Updates service hung on starting.

Error - 23/10/2010 07:58:09 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 23/10/2010 08:04:13 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 23/10/2010 09:29:45 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/10/2010 09:30:34 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/10/2010 09:30:49 | Computer Name = PEZ | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 aswSP aswTdi Fips intelppm MpFilter

Error - 23/10/2010 09:33:44 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/10/2010 09:41:11 | Computer Name = PEZ | Source = Service Control Manager | ID = 7000

Description = The aswFsBlk service failed to start due to the following error: %%2

< End of report >


There is a rootkit in there.

Let's see if we can get TDSSKiller to take care of it.

Step 1.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2.

Download file:

We are going to need to download a file to extract the system files from.

Please go here and download WindowsXP-KB936929-SP3-x86-ENU.exe to your desktop.

Step 3.

Things I would like to see in your reply:

  • The content of the log from TDSSKiller in step 1.
  • Confirmation that you've downloaded the file in step 2 and saved it to your desktop.


I have successfully downloaded the Windows file you requested; here is the TDSS report:

2010/10/23 15:38:29.0437 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/23 15:38:29.0437 ================================================================================

2010/10/23 15:38:29.0437 SystemInfo:

2010/10/23 15:38:29.0437

2010/10/23 15:38:29.0437 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/23 15:38:29.0437 Product type: Workstation

2010/10/23 15:38:29.0437 ComputerName: PEZ

2010/10/23 15:38:29.0437 UserName: User

2010/10/23 15:38:29.0437 Windows directory: C:\WINDOWS

2010/10/23 15:38:29.0437 System windows directory: C:\WINDOWS

2010/10/23 15:38:29.0437 Processor architecture: Intel x86

2010/10/23 15:38:29.0437 Number of processors: 2

2010/10/23 15:38:29.0437 Page size: 0x1000

2010/10/23 15:38:29.0437 Boot type: Normal boot

2010/10/23 15:38:29.0437 ================================================================================

2010/10/23 15:38:30.0312 Initialize success

2010/10/23 15:38:42.0781 ================================================================================

2010/10/23 15:38:42.0781 Scan started

2010/10/23 15:38:42.0781 Mode: Manual;

2010/10/23 15:38:42.0781 ================================================================================

2010/10/23 15:38:46.0390 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/10/23 15:38:46.0546 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/23 15:38:46.0625 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/23 15:38:46.0703 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/23 15:38:46.0828 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/23 15:38:47.0093 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/23 15:38:47.0218 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys

2010/10/23 15:38:47.0312 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/10/23 15:38:47.0375 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/10/23 15:38:47.0515 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/10/23 15:38:47.0812 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/10/23 15:38:47.0906 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/23 15:38:47.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/23 15:38:48.0125 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/23 15:38:48.0250 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/23 15:38:48.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/23 15:38:48.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/23 15:38:48.0765 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/23 15:38:48.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/23 15:38:48.0984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/23 15:38:49.0062 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/23 15:38:49.0234 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys

2010/10/23 15:38:49.0468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/23 15:38:49.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/23 15:38:49.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/23 15:38:49.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/23 15:38:49.0890 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/23 15:38:49.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/23 15:38:50.0015 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2010/10/23 15:38:50.0125 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/23 15:38:50.0203 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/10/23 15:38:50.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/23 15:38:50.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/10/23 15:38:50.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/23 15:38:50.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/23 15:38:50.0578 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/23 15:38:50.0640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/23 15:38:50.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/23 15:38:50.0765 hcwPP2 (ecc2b633b909448c2806ea36ffea1933) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys

2010/10/23 15:38:50.0812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/23 15:38:50.0906 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys

2010/10/23 15:38:51.0000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/23 15:38:51.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/23 15:38:51.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

2010/10/23 15:38:51.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/23 15:38:51.0906 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/23 15:38:52.0015 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/23 15:38:52.0125 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/23 15:38:52.0203 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/23 15:38:52.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/23 15:38:52.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/23 15:38:52.0390 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys

2010/10/23 15:38:52.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/23 15:38:52.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/23 15:38:52.0625 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/23 15:38:52.0703 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/23 15:38:52.0750 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/23 15:38:52.0843 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/23 15:38:52.0953 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys

2010/10/23 15:38:53.0015 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/23 15:38:53.0062 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/23 15:38:53.0109 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/23 15:38:53.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/23 15:38:53.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/23 15:38:53.0390 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/23 15:38:53.0593 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/10/23 15:38:53.0671 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/10/23 15:38:53.0750 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/23 15:38:53.0875 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/23 15:38:53.0968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/23 15:38:54.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/23 15:38:54.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/23 15:38:54.0203 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/23 15:38:54.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/23 15:38:54.0359 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/23 15:38:54.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/23 15:38:54.0671 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/23 15:38:54.0796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/23 15:38:54.0921 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/23 15:38:55.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/23 15:38:55.0171 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/23 15:38:55.0234 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/23 15:38:55.0250 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/23 15:38:55.0328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/23 15:38:55.0406 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/23 15:38:55.0562 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/23 15:38:55.0640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/23 15:38:55.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/23 15:38:55.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/23 15:38:56.0046 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/23 15:38:56.0390 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/23 15:38:56.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/23 15:38:56.0515 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/23 15:38:56.0578 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/10/23 15:38:56.0625 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/23 15:38:56.0703 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/23 15:38:56.0812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/23 15:38:56.0875 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/23 15:38:56.0937 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/23 15:38:57.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/23 15:38:57.0234 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/23 15:38:57.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/23 15:38:57.0359 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/23 15:38:57.0656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/23 15:38:57.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/23 15:38:57.0796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/23 15:38:57.0859 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/23 15:38:57.0953 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/23 15:38:58.0031 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/23 15:38:58.0093 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/23 15:38:58.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/23 15:38:58.0234 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/23 15:38:58.0375 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/23 15:38:58.0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/10/23 15:38:58.0593 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/23 15:38:58.0812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/23 15:38:58.0984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/23 15:38:59.0062 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys

2010/10/23 15:38:59.0750 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/23 15:38:59.0921 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/23 15:39:00.0031 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys

2010/10/23 15:39:00.0125 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/23 15:39:00.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/23 15:39:00.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/23 15:39:00.0593 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/23 15:39:00.0796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/23 15:39:00.0921 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/23 15:39:01.0015 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/23 15:39:01.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/23 15:39:01.0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/23 15:39:01.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/23 15:39:01.0500 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/23 15:39:01.0531 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/23 15:39:01.0578 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/23 15:39:01.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/23 15:39:01.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/23 15:39:01.0843 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/23 15:39:01.0921 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/23 15:39:02.0000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/23 15:39:02.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/23 15:39:02.0296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/23 15:39:02.0375 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/23 15:39:02.0515 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/23 15:39:02.0562 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/23 15:39:02.0640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/23 15:39:02.0750 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/23 15:39:02.0890 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/23 15:39:02.0890 ================================================================================

2010/10/23 15:39:02.0890 Scan finished

2010/10/23 15:39:02.0890 ================================================================================

2010/10/23 15:39:02.0906 Detected object count: 1

2010/10/23 15:39:25.0093 \HardDisk0\MBR - will be cured after reboot

2010/10/23 15:39:25.0093 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/23 15:39:40.0437 Deinitialize success


I have successfully downloaded the Windows file you requested; here is the TDSS report:
You're on a fast connection. :)

Now we need to extract those files, verify them and also verify that the MBR is OK.

Step 1.

Extracting files from Service pack 3:

Open notepad and copy/paste the text in the codebox below into it:

@echo Unpacking files ...
@echo (This window will close when it's done)
@echo off
REM The SP3 package was saved to the Desktop, where this .bat runs; extract it into C:\SP3
MKdir C:\SP3
WindowsXP-KB936929-SP3-x86-ENU.exe -x: C:\SP3 /quiet
REM Expand the three compressed files into clean copies that can be hash-compared with the live ones
cd C:\SP3\i386
expand winlogon.ex_ C:\SP3\winlogon.exe
expand explorer.ex_ C:\SP3\explorer.exe
expand sfcfiles.dl_ C:\SP3\sfcfiles.dll
REM Delete this batch file once it has finished
del %0

Save this as ext.bat

Choose to "Save type as - All Files"

Save it on your desktop.


Double click on ext.bat & allow it to run

A folder C:\SP3\i386 will be created with all the files in Service pack 3 in it.

sfcfiles.dl_, explorer.ex_ and winlogon.ex_ will be expanded to C:\SP3

Step 2.

OTL-scan:

OTL has been updated. Delete the OTL.exe on your desktop.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click on the None - button.
  • Under the Custom Scan box paste this in


    %SYSTEMDRIVE%\*.*

    /md5start

    winlogon.exe

    explorer.exe

    sfcfiles.dll

    /md5stop

    CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt, which is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 3.

MBRCheck:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 4.

Things I would like to see in your reply:

  • The content of OTL.txt from step 2.
  • The content of the log from MBRCheck in step 3.

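The two checks the helper asks for in steps 1 to 3 (hash the live winlogon.exe/explorer.exe/sfcfiles.dll against the clean copies expanded from SP3, then verify the MBR) can be scripted. The block below is an added example, not code from this thread or from OTL, TDSSKiller or MBRCheck: it parses the "< MD5 for: ... >" sections that OTL's /md5start .. /md5stop custom scan writes, flags copies of a file whose hash differs from the copy under C:\SP3, and sanity-checks a raw 512-byte MBR (0x55AA signature, partition table, boot-code hash against a known-good set). The OTL lines and the MBR bytes are constructed sample input; apart from the C:\SP3\explorer.exe hash, which is the one the OTL log in this thread shows, the hashes are made up, and the "known-good" boot code is a stand-in derived from the constructed clean MBR (on a real machine it would come from a clean install of the same Windows version).

```python
import hashlib
import re
import struct

# ---- 1. Hash comparison from OTL's "/md5start ... /md5stop" output ----------
OTL_SECTION = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")
OTL_MD5 = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>\S.*)$")


def parse_otl_md5(log_text):
    """Return {FILENAME: {path: MD5}} from the custom-scan section of an OTL log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OTL_SECTION.match(line)
        if m:
            current = m.group("name").upper()
            sections.setdefault(current, {})
            continue
        m = OTL_MD5.search(line)
        if m and current is not None:
            sections[current][m.group("path")] = m.group("md5").upper()
    return sections


def find_mismatches(sections, reference_dir=r"C:\SP3"):
    """Compare every copy of a file with the clean copy expanded under reference_dir.

    Returns (filename, path, md5, reference_md5) for each copy whose hash differs.
    A mismatch only proves the file is not the SP3 binary: a later hotfix changes
    the hash too, so check the file version before calling it infected.
    """
    prefix = reference_dir.upper().rstrip("\\") + "\\"
    bad = []
    for name, copies in sections.items():
        ref = [md5 for path, md5 in copies.items() if path.upper().startswith(prefix)]
        if not ref:
            continue  # no clean copy to compare against
        for path, md5 in copies.items():
            if md5 != ref[0]:
                bad.append((name, path, md5, ref[0]))
    return bad


# Constructed OTL excerpt: the C:\SP3\explorer.exe hash is the one this thread's
# OTL log reports; the other three hashes are made up for the example.
SAMPLE_OTL = r"""========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\SP3\explorer.exe
[2010/10/22 13:05:01 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:22 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\SP3\winlogon.exe
[2008/04/14 05:42:22 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\WINDOWS\system32\winlogon.exe
"""

# ---- 2. Raw MBR sanity check (the kind of check MBRCheck automates) ---------
MBR_SIZE, BOOT_CODE_LEN, PART_OFFSET, SIG_OFFSET = 512, 440, 446, 510


def build_mbr(boot_code, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count) tuples.
    Only used here to construct sample input."""
    mbr = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")) + disk_sig + b"\x00\x00"
    for status, ptype, lba, count in partitions:
        mbr += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    mbr += b"\x00" * 16 * (4 - len(partitions)) + b"\x55\xAA"
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_OFFSET + 16 * i)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr, known_good_bootcode):
    """Return a list of findings; an empty list means the MBR matches the reference."""
    if len(mbr) != MBR_SIZE:
        return ["MBR is %d bytes, expected %d" % (len(mbr), MBR_SIZE)]
    findings = []
    if mbr[SIG_OFFSET:] != b"\x55\xAA":
        findings.append("boot signature is not 0x55AA")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest not in known_good_bootcode:
        findings.append("boot code sha256 %s... is not a known-good MBR" % digest[:16])
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("partition table is empty")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition is flagged active")
    return findings


# Constructed stand-in for clean XP boot code (real MBR code is 440 bytes of x86).
CLEAN_MBR = build_mbr(bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]),
                      [(0x80, 0x07, 63, 488280000)])  # one active NTFS partition
KNOWN_GOOD = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()}
# Tampering of the kind TDSSKiller reported above: boot code replaced, partition
# table and 0x55AA signature left intact, so only the hash comparison catches it.
INFECTED_MBR = build_mbr(bytes([0xFA, 0x31, 0xC0, 0x8E, 0xD8, 0xBE, 0x00, 0x7C]),
                         [(0x80, 0x07, 63, 488280000)])

if __name__ == "__main__":
    for hit in find_mismatches(parse_otl_md5(SAMPLE_OTL)):
        print("hash mismatch: %s at %s (%s != reference %s)" % hit)
    print("clean MBR:", check_mbr(CLEAN_MBR, KNOWN_GOOD))
    print("infected MBR:", check_mbr(INFECTED_MBR, KNOWN_GOOD))
```

On the sample input the script reports one hash mismatch (C:\WINDOWS\explorer.exe against C:\SP3\explorer.exe) and one MBR finding (boot code not in the known-good set). Note the caveat in find_mismatches: a hash that differs from the SP3 copy means "not the SP3 binary", which is what a Bamital-patched file looks like but also what a later hotfix looks like, so the file version should be checked before the file is replaced.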

My internet speed is quite low compared to others in my area, but it does the job!

Again, here are the requested logs:

OTL logfile created on: 23/10/2010 16:28:53 - Run 2

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 16.38 Gb Free Space | 7.04% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/02/14 11:43:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/02/02 18:47:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/10/22 13:03:34 | 000,000,327 | -HS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2010/10/23 13:12:12 | 000,015,723 | ---- | M] () -- C:\ComboFix.txt

[2009/02/14 11:43:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/02/14 11:43:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/02/14 11:43:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 14:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/10/23 15:40:40 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2010/10/23 15:39:40 | 000,037,532 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_15.38.29_log.txt

< MD5 for: EXPLORER.EXE >

[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\SP3\explorer.exe

[2010/10/23 02:19:32 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=95B52BF9DE18372F41946E3B53B21CFD -- C:\WINDOWS\explorer.exe

< MD5 for: SFCFILES.DLL >

[2008/08/14 00:26:46 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=5223357CDF638BFEBF9F3A87C7C562F7 -- C:\WINDOWS\system32\sfcfiles.dll

[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\SP3\sfcfiles.dll

< MD5 for: WINLOGON.EXE >

[2010/10/23 02:19:32 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=65310795D0670303C8A480E982B86C58 -- C:\WINDOWS\system32\winlogon.exe

[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\SP3\winlogon.exe

< End of report >

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 122):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7F79000 ACPI.sys

0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB7F68000 pci.sys

0xB80A8000 ohci1394.sys

0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xB80C8000 isapnp.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB80D8000 MountMgr.sys

0xB7F49000 ftdisk.sys

0xB85AC000 dmload.sys

0xB7F23000 dmio.sys

0xB8330000 PartMgr.sys

0xB80E8000 VolSnap.sys

0xB7F0B000 atapi.sys

0xB80F8000 disk.sys

0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB7EEB000 fltMgr.sys

0xB7ED9000 sr.sys

0xB8118000 PxHelp20.sys

0xB7EC2000 KSecDD.sys

0xB7EAF000 WudfPf.sys

0xB7E22000 Ntfs.sys

0xB7DF5000 NDIS.sys

0xB7DDB000 Mup.sys

0xB8318000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB709D000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB7089000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB7061000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB7034000 \SystemRoot\system32\DRIVERS\e1e5132.sys

0xB8430000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB7010000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xB8438000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB8138000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xB6FEB000 \SystemRoot\system32\DRIVERS\hcwPP2.sys

0xB6FC8000 \SystemRoot\system32\DRIVERS\ks.sys

0xB8148000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB8158000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB8168000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB8440000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xB8448000 \SystemRoot\system32\DRIVERS\ManyCam.sys

0xB8178000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0xB86E1000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB8188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB8598000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB6FB1000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB8198000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB81A8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB8450000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB6FA0000 \SystemRoot\system32\DRIVERS\psched.sys

0xB81B8000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB8458000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xB8460000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB6F70000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xB81C8000 \SystemRoot\system32\DRIVERS\termdd.sys

0xB8468000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB8470000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB85E6000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB6F12000 \SystemRoot\system32\DRIVERS\update.sys

0xB7D9A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB81D8000 \SystemRoot\system32\DRIVERS\cledx.sys

0xB81E8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB4294000 \SystemRoot\system32\drivers\sthda.sys

0xB4270000 \SystemRoot\system32\drivers\portcls.sys

0xB81F8000 \SystemRoot\system32\drivers\drmk.sys

0xB8208000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB85EC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB422D000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0xB8622000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB87C6000 \SystemRoot\System32\Drivers\Null.SYS

0xB8624000 \SystemRoot\System32\Drivers\Beep.SYS

0xB8498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB84A0000 \SystemRoot\System32\drivers\vga.sys

0xB8626000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB8628000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB84A8000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB84B0000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB8568000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB41FA000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB41A1000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB8238000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xB4179000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB4157000 \SystemRoot\System32\drivers\afd.sys

0xB8248000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB412C000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB4094000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB8258000 \SystemRoot\System32\Drivers\Fips.SYS

0xB406E000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB8584000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB8298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB82A8000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB82B8000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xB8340000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xB858C000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB64B0000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xB3FA7000 \SystemRoot\System32\Drivers\aswSP.SYS

0xB8368000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xB3F6E000 \SystemRoot\System32\Drivers\Udfs.SYS

0xB3F56000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xB862A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB648C000 \SystemRoot\System32\drivers\Dxapi.sys

0xB8378000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xB8682000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xB3BB5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB3A0E000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xB38FA000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xB36DD000 \SystemRoot\system32\drivers\wdmaud.sys

0xB8288000 \SystemRoot\system32\drivers\sysaudio.sys

0xB29F8000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB332F000 \SystemRoot\System32\Drivers\Aspi32.SYS

0xB2967000 \SystemRoot\System32\Drivers\HTTP.sys

0xB2757000 \SystemRoot\system32\DRIVERS\srv.sys

0xB85F2000 \SystemRoot\system32\drivers\MSPQM.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):

0 System Idle Process

4 System

628 C:\WINDOWS\system32\smss.exe

688 csrss.exe

712 C:\WINDOWS\system32\winlogon.exe

756 C:\WINDOWS\system32\services.exe

768 C:\WINDOWS\system32\lsass.exe

948 C:\WINDOWS\system32\nvsvc32.exe

988 C:\WINDOWS\system32\svchost.exe

1052 svchost.exe

1148 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

1188 C:\WINDOWS\system32\svchost.exe

1228 C:\WINDOWS\system32\svchost.exe

1300 svchost.exe

1460 svchost.exe

1576 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1988 C:\WINDOWS\system32\spoolsv.exe

2036 C:\WINDOWS\explorer.exe

232 C:\WINDOWS\ehome\ehtray.exe

244 C:\WINDOWS\stsystra.exe

252 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

256 C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

284 C:\WINDOWS\system32\rundll32.exe

304 C:\Program Files\iTunes\iTunesHelper.exe

316 C:\Program Files\Java\jre6\bin\jusched.exe

324 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

344 C:\Program Files\Microsoft Security Essentials\msseces.exe

376 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

428 C:\WINDOWS\system32\ctfmon.exe

1540 svchost.exe

1296 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1436 C:\WINDOWS\ehome\ehrecvr.exe

1720 C:\WINDOWS\ehome\ehSched.exe

496 C:\WINDOWS\system32\svchost.exe

1116 C:\Program Files\Java\jre6\bin\jqs.exe

2060 C:\Program Files\Common Files\Motive\McciCMService.exe

2052 C:\Program Files\Dell Support Center\bin\sprtsvc.exe

2176 svchost.exe

2188 C:\WINDOWS\system32\svchost.exe

2408 mcrdsvc.exe

2576 wmpnetwk.exe

3460 C:\WINDOWS\ehome\ehmsas.exe

3736 C:\Program Files\iPod\bin\iPodService.exe

3752 C:\WINDOWS\system32\dllhost.exe

1812 alg.exe

3056 C:\WINDOWS\NOTEPAD.EXE

2268 C:\Program Files\Mozilla Firefox\firefox.exe

268 C:\Documents and Settings\User\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.ADH

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

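The MD5 section of the OTL log above is the evidence the helper reads by eye: explorer.exe and winlogon.exe in C:\WINDOWS keep exactly the size of the copies expanded from the SP3 package into C:\SP3, yet carry a different hash and a modification time inside the infection window, which is the footprint a file infector such as Bamital leaves when it patches system binaries in place. The script below is an added example (not code from this thread, OTL or ComboFix) that parses OTL's "< MD5 for: NAME >" output and automates that comparison; the sample input is constructed from the log posted above, and the status names and the recent_since cutoff are this example's own.

```python
"""Compare OTL-reported MD5s of live system files against reference copies.

Added example, not part of the thread or of OTL/ComboFix. It reads the
"< MD5 for: NAME >" blocks OTL writes for a /md5start ... /md5stop custom
scan, treats every entry under the reference directory (C:\SP3 here, the
files expanded from the SP3 package) as known-good, and classifies each
live copy: "match", "patched_in_place" (same size, different hash),
"size_differs", or "no_reference". A same-size mismatch on a file whose
modification time falls inside the infection window is the strongest
signal; a mismatch alone can also be a legitimate post-SP3 hotfix, so the
timestamp and company name are kept in the finding for that check.
"""
import re
from datetime import datetime

# Sample input constructed from the OTL log posted in this thread.
OTL_MD5_SECTION = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\SP3\explorer.exe
[2010/10/23 02:19:32 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=95B52BF9DE18372F41946E3B53B21CFD -- C:\WINDOWS\explorer.exe
< MD5 for: SFCFILES.DLL >
[2008/08/14 00:26:46 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=5223357CDF638BFEBF9F3A87C7C562F7 -- C:\WINDOWS\system32\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\SP3\sfcfiles.dll
< MD5 for: WINLOGON.EXE >
[2010/10/23 02:19:32 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=65310795D0670303C8A480E982B86C58 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\SP3\winlogon.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [mtime | size | attributes | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_otl_md5(text):
    """Return {FILENAME: [entry, ...]} for every MD5 block in an OTL log."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "mtime": datetime.strptime(entry.group("mtime"), "%Y/%m/%d %H:%M:%S"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return sections


def compare_to_reference(sections, reference_dir="C:\\SP3", recent_since=None):
    """Classify every entry outside reference_dir against the copies inside it.

    recent_since ("YYYY/MM/DD", this example's own parameter) marks files
    modified on or after that date as recently_modified.
    """
    ref_prefix = reference_dir.lower().rstrip("\\") + "\\"
    cutoff = datetime.strptime(recent_since, "%Y/%m/%d") if recent_since else None
    findings = {}
    for name, entries in sections.items():
        refs = [e for e in entries if e["path"].lower().startswith(ref_prefix)]
        for e in entries:
            if e in refs:
                continue
            if not refs:
                status = "no_reference"
            elif any(e["md5"] == r["md5"] for r in refs):
                status = "match"
            elif any(e["size"] == r["size"] for r in refs):
                status = "patched_in_place"
            else:
                status = "size_differs"
            findings[e["path"].lower()] = {
                "name": name,
                "status": status,
                "size": e["size"],
                "md5": e["md5"],
                "company": e["company"],
                "mtime": e["mtime"],
                "recently_modified": bool(cutoff and e["mtime"] >= cutoff),
            }
    return findings


if __name__ == "__main__":
    # The thread's infection started around 2010/10/22, so use that as the window.
    results = compare_to_reference(parse_otl_md5(OTL_MD5_SECTION), recent_since="2010/10/22")
    for path, f in sorted(results.items()):
        flag = "  <- modified inside the infection window" if f["recently_modified"] else ""
        print(f"{f['status']:17} {path}  size={f['size']}{flag}")
```

Run against the posted log it reports all three live files as patched_in_place, with explorer.exe and winlogon.exe additionally flagged as modified inside the window; sfcfiles.dll is not, which is why its timestamp deserves a second look before the file is replaced.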

Step 1.

Attach a file:

Change the extension on this file from .dat to .txt and attach it in your reply. (.dat extensions aren't allowed to be uploaded)

C:\QooBox\BackEnv\AppData.Folder.dat ----> C:\QooBox\BackEnv\AppData.Folder.txt

Step 2.

ComboFix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\drivers\imxpdjcp.sys
c:\windows\system32\drivers\yeafzqan.sys
Driver::
imxpdjcp
yeafzqan
Dirlook::
c:\documents and settings\User\.shsh
FCopy::
C:\SP3\explorer.exe | C:\WINDOWS\explorer.exe
C:\SP3\winlogon.exe | C:\WINDOWS\system32\winlogon.exe
C:\SP3\sfcfiles.dll | C:\WINDOWS\system32\sfcfiles.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3.

Things I would like to see in your reply:

  • The file AppData.Folder.txt from step 1, attached to your reply
  • The content of C:\ComboFix.txt from step 2.


"C:\WINDOWS\system32\config\systemprofile\Application Data"

"C:\Documents and Settings\Administrator\Application Data"

"C:\Documents and Settings\LocalService\Application Data"

"C:\Documents and Settings\NetworkService\Application Data"

"C:\Documents and Settings\User\Application Data"

"C:\Documents and Settings\All Users\Application Data"

ComboFix 10-10-22.05 - User 23/10/2010 17:24:50.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1448 [GMT 1:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::

"c:\windows\system32\drivers\imxpdjcp.sys"

"c:\windows\system32\drivers\yeafzqan.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\User\Local Settings\Temporary Internet Files\mccA.tmp

.

--------------- FCopy ---------------

c:\sp3\explorer.exe --> c:\windows\explorer.exe

c:\sp3\winlogon.exe --> c:\windows\system32\winlogon.exe

c:\sp3\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_imxpdjcp

-------\Service_yeafzqan

((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))

.

2010-10-23 15:23 . 2010-10-23 15:25 -------- d-----w- C:\SP3

2010-10-23 14:28 . 2010-10-18 08:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D5F8B4-CDCD-4171-8821-D0E7BEDC4799}\mpengine.dll

2010-10-23 14:28 . 2010-10-23 14:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2010-10-23 13:53 . 2010-10-23 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-10-23 01:19 . 2008-04-14 04:42 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe

2010-10-23 01:19 . 2008-04-14 04:42 507904 ----a-w- c:\windows\system32\winlogon.exe

2010-10-23 01:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-10-23 01:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-10-23 01:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-10-23 01:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-10-23 01:10 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-10-23 01:10 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-10-23 01:10 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-10-23 01:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-10-23 01:10 . 2010-10-23 01:10 -------- d-----w- c:\program files\Alwil Software

2010-10-23 01:00 . 2010-10-23 01:00 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-10-23 00:35 . 2010-10-23 00:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

2010-10-22 23:58 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-22 23:58 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-22 23:34 . 2010-10-23 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-22 14:46 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-22 14:46 . 2010-10-22 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-10-22 02:37 . 2010-10-22 02:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-22 02:17 . 2010-10-22 02:18 -------- d-----w- c:\documents and settings\Administrator

2010-10-22 02:03 . 2010-10-22 02:03 192 ----a-w- c:\documents and settings\User\Application Data\5190.bat

2010-10-22 02:03 . 2010-10-22 02:03 193 ----a-w- c:\documents and settings\User\Application Data\28302.bat

2010-10-22 02:03 . 2010-10-22 02:03 193 ----a-w- c:\documents and settings\User\Application Data\34459.bat

2010-10-12 21:08 . 2008-04-14 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-10 01:30 . 2010-10-10 01:30 -------- d-----w- c:\windows\Sun

2010-10-09 23:01 . 2010-10-09 23:14 -------- d-----w- c:\documents and settings\User\.shsh

2010-10-07 19:24 . 2010-10-07 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-09-30 22:26 . 2010-09-30 22:26 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-30 22:26 . 2010-09-30 22:26 410976 ----a-w- c:\windows\system32\deploytk.dll

2010-09-30 22:26 . 2010-09-30 22:26 -------- d-----w- c:\program files\Java

2010-09-30 22:25 . 2010-09-30 22:29 -------- d-----w- c:\program files\PS3 Media Server

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 11:23 . 2008-04-14 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-14 13:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-01 11:51 . 2008-04-14 13:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-04-14 13:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 13:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 13:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 13:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-11-09 15:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 13:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 13:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 13:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-04 08:20 . 2010-08-04 08:10 116 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\User\.shsh ----

2010-10-09 23:14 . 2010-10-09 23:14 60902 ----a-w- c:\documents and settings\User\.shsh\4139442922445-iphone-4.1.shsh.0.bak

2010-10-09 23:03 . 2010-10-09 23:14 60902 ----a-w- c:\documents and settings\User\.shsh\4139442922445-iphone-4.1.shsh

2010-10-09 23:02 . 2010-10-10 00:20 5421 ----a-w- c:\documents and settings\User\.shsh\.known_devices\e93293db6bb9574926633cf4d35130c564fd9038.plist

((((((((((((((((((((((((((((( SnapShot@2010-10-23_12.08.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-23 16:30 . 2010-10-23 16:30 16384 c:\windows\Temp\Perflib_Perfdata_294.dat

+ 2008-04-14 13:00 . 2008-04-14 04:42 1033728 c:\windows\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-30 136600]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]

2008-08-26 15:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2002-06-18 01:01 155648 ----a-w- c:\program files\VERITAS Software\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\User\\Desktop\\umbrella-4.1.6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/10/2010 02:11 165584]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [16/05/2009 17:15 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]

S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]

S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 09:40 217088]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2009 03:10 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-23 17:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2600)

c:\windows\system32\ieframe.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\dllhost.exe

c:\windows\stsystra.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-10-23 17:36:05 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-23 16:36

ComboFix2.txt 2010-10-23 12:12

Pre-Run: 17,538,519,040 bytes free

Post-Run: 17,475,899,392 bytes free

- - End Of File - - D8C1CA6C24E7252DE3826D3052007036


We'll try again, then.

I want you to attach that file in your reply not paste it in.

Change the extension on this file from .dat to .txt and attach it in your reply. (.dat extensions aren't allowed to be uploaded)

C:\QooBox\BackEnv\AppData.Folder.dat ----> C:\QooBox\BackEnv\AppData.Folder.txt


Have you uninstalled avast?

(It looks as if it's not properly uninstalled.)

Step 1.

CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2.

OTL-scan:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, tick the box beside Scan All Users at the top.
  • Underneath Output at the top set it to Standard Output.
  • Underneath the option Extra Registry set it to Use SafeList.
  • Underneath the option File Scans set the File Age to 90 Days
  • Underneath the option File Scans tick the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs

    msconfig

    drivers32

    %SYSTEMDRIVE%\*.exe

    %ALLUSERSPROFILE%\Application Data\*.

    %ALLUSERSPROFILE%\Application Data\*.exe /s

    %APPDATA%\*.

    %APPDATA%\*.exe /s

    %systemroot%\*. /mp /s

    type C:\Documents and Settings\User\Application Data\5190.bat /c

    type C:\Documents and Settings\User\Application Data\28302.bat /c

    type C:\Documents and Settings\User\Application Data\34459.bat /c

    type C:\WINDOWS\nsreg.dat /c

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Step 3.

Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of OTL.txt and Extras.txt from step 2.

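A small triage script for the "Files Created" section of a ComboFix log like the one posted in this thread, showing how the entries the helper asks OTL to dump (the numeric-named .bat files, the replaced winlogon.exe) can be picked out automatically. This is an added example, not part of the thread and not ComboFix's own logic; the flagging rules are assumed heuristics, and the sample lines are copied from the log posted below.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log.

Added example for this thread (not ComboFix's or the forum's own code).
Each entry has the form

    <created> . <modified> <size|--------> <attrs> <path>

e.g. 2010-10-22 02:03 . 2010-10-22 02:03 192 ----a-w- c:\...\5190.bat

The flagging rules in triage() are assumed heuristics, chosen to surface
the kinds of entries a helper would ask to see in follow-up scans.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One log line: two timestamps separated by " . ", a size or a run of
# dashes for directories, an 8-character attribute field, then the path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"

# Core OS binaries that should not normally be (re)created in a 30-day window.
CORE_BINARIES = {"winlogon.exe", "explorer.exe", "userinit.exe",
                 "svchost.exe", "lsass.exe", "services.exe"}
# Script or executable whose whole name is a number, e.g. 5190.bat.
NUMERIC_SCRIPT_RE = re.compile(r"^\d+\.(bat|cmd|exe|vbs)$", re.IGNORECASE)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'Files Created' line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["created"], TIME_FMT),
                 datetime.strptime(m["modified"], TIME_FMT),
                 size, m["attrs"], m["path"])


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable entry, silently skipping headers and blanks."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Return the (assumed) reasons an entry deserves a closer look."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    if NUMERIC_SCRIPT_RE.match(name) and "\\application data\\" in low:
        reasons.append("numeric-named script in a user profile directory")
    if name in CORE_BINARIES and "\\windows\\" in low:
        reasons.append("core Windows binary (re)created in the scan window; "
                       "compare its hash with a known-good copy")
        if entry.modified < entry.created:
            # A freshly placed file carrying an old modification time: seen
            # both for legitimate restores from dllcache and for replacements.
            reasons.append("modification time predates creation time")
    return reasons


def flagged(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its triage reasons."""
    return {e.path: triage(e) for e in parse_log(text) if triage(e)}


# Constructed sample: five lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2010-10-23 01:19 . 2008-04-14 04:42 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-10-23 01:00 . 2010-10-23 01:00 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-22 23:58 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-22 02:03 . 2010-10-22 02:03 192 ----a-w- c:\documents and settings\User\Application Data\5190.bat
2010-10-22 02:37 . 2010-10-22 02:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
"""

if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it on the sample flags only winlogon.exe and 5190.bat; the mbam.sys driver and the two directories pass through unflagged.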

ComboFix 10-10-22.05 - User 23/10/2010 19:45:04.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1478 [GMT 1:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))

.

2010-10-23 15:23 . 2010-10-23 15:25 -------- d-----w- C:\SP3

2010-10-23 14:28 . 2010-10-18 08:41 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54D5F8B4-CDCD-4171-8821-D0E7BEDC4799}\mpengine.dll

2010-10-23 14:28 . 2010-10-23 14:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2010-10-23 13:53 . 2010-10-23 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-10-23 01:19 . 2008-04-14 04:42 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe

2010-10-23 01:19 . 2008-04-14 04:42 507904 ----a-w- c:\windows\system32\winlogon.exe

2010-10-23 01:00 . 2010-10-23 01:00 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-10-23 00:35 . 2010-10-23 00:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla

2010-10-22 23:58 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-22 23:58 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-22 23:34 . 2010-10-23 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-22 14:46 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-22 14:46 . 2010-10-22 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-10-22 02:37 . 2010-10-22 02:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-22 02:17 . 2010-10-22 02:18 -------- d-----w- c:\documents and settings\Administrator

2010-10-22 02:03 . 2010-10-22 02:03 192 ----a-w- c:\documents and settings\User\Application Data\5190.bat

2010-10-22 02:03 . 2010-10-22 02:03 193 ----a-w- c:\documents and settings\User\Application Data\28302.bat

2010-10-22 02:03 . 2010-10-22 02:03 193 ----a-w- c:\documents and settings\User\Application Data\34459.bat

2010-10-12 21:08 . 2008-04-14 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-10 01:30 . 2010-10-10 01:30 -------- d-----w- c:\windows\Sun

2010-10-09 23:01 . 2010-10-09 23:14 -------- d-----w- c:\documents and settings\User\.shsh

2010-10-07 19:24 . 2010-10-07 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-09-30 22:26 . 2010-09-30 22:26 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-30 22:26 . 2010-09-30 22:26 410976 ----a-w- c:\windows\system32\deploytk.dll

2010-09-30 22:26 . 2010-09-30 22:26 -------- d-----w- c:\program files\Java

2010-09-30 22:25 . 2010-09-30 22:29 -------- d-----w- c:\program files\PS3 Media Server

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 11:23 . 2008-04-14 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-14 13:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38 . 2008-08-13 23:09 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38 . 2008-08-13 23:08 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38 . 2009-08-29 07:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38 . 2008-08-13 23:08 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57 . 2008-08-13 23:08 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51 . 2008-04-14 13:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-04-14 13:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 13:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 13:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 13:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-11-09 15:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 13:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 13:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 13:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-04 08:20 . 2010-08-04 08:10 116 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-10-23_12.08.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-23 18:42 . 2010-10-23 18:42 16384 c:\windows\Temp\Perflib_Perfdata_46c.dat

+ 2008-08-13 23:09 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll

- 2008-08-13 23:09 . 2008-08-13 23:09 44544 c:\windows\system32\pngfilt.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll

+ 2008-08-13 23:08 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe

+ 2008-08-13 23:08 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll

- 2008-08-13 23:09 . 2008-08-13 23:09 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-08-28 10:28 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2009-08-28 10:28 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2008-08-13 23:08 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-08-29 07:36 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll

- 2009-08-29 07:36 . 2008-08-13 23:08 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2008-08-13 23:08 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-08-29 07:36 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll

- 2009-08-29 07:36 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll

- 2008-08-13 23:08 . 2008-08-13 23:08 17408 c:\windows\system32\dllcache\corpol.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 50688 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 27136 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll

+ 2010-10-23 17:00 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe

+ 2010-10-23 17:00 . 2008-08-13 23:08 43008 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 54784 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe

+ 2010-10-23 17:00 . 2008-08-13 23:08 61952 c:\windows\ie7updates\KB2360131-IE7\icardie.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll

- 2008-04-14 13:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll

+ 2008-04-14 13:00 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll

- 2008-08-13 23:09 . 2008-08-13 23:09 105984 c:\windows\system32\url.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll

- 2008-04-14 13:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll

+ 2008-04-14 13:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll

+ 2008-08-13 23:08 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll

- 2008-08-13 23:08 . 2008-08-13 23:08 161792 c:\windows\system32\ieakui.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll

- 2008-08-13 23:08 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll

- 2008-08-13 23:08 . 2008-08-13 23:08 214528 c:\windows\system32\dxtrans.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2008-04-14 13:00 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll

- 2008-04-14 13:00 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll

- 2008-08-13 23:09 . 2008-08-13 23:09 105984 c:\windows\system32\dllcache\url.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-04-14 13:00 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll

- 2008-04-14 13:00 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll

+ 2009-02-14 10:41 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe

+ 2008-08-13 23:08 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-08-29 07:36 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2009-08-29 07:36 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-13 23:08 . 2008-08-13 23:08 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2008-08-13 23:08 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-13 23:08 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-13 23:08 . 2008-08-13 23:08 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 818688 c:\windows\ie7updates\KB2360131-IE7\wininet.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 231424 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll

+ 2010-10-23 17:00 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll

+ 2010-10-23 17:00 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe

+ 2010-10-23 17:00 . 2008-08-13 23:09 101376 c:\windows\ie7updates\KB2360131-IE7\occache.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 670720 c:\windows\ie7updates\KB2360131-IE7\mstime.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 192000 c:\windows\ie7updates\KB2360131-IE7\msrating.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 475648 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 458752 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 622080 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe

+ 2010-10-23 17:00 . 2008-08-13 23:08 266752 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 191488 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 382976 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 383488 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 229376 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 152064 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll

+ 2010-10-23 17:00 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 346624 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 123904 c:\windows\ie7updates\KB2360131-IE7\advpack.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll

+ 2008-08-13 23:26 . 2008-04-14 04:42 1614848 c:\windows\system32\sfcfiles.dll

- 2008-08-13 23:26 . 2008-08-13 23:26 1614848 c:\windows\system32\sfcfiles.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll

+ 2008-08-13 23:08 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll

+ 2008-08-13 23:08 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat

+ 2008-08-13 23:09 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2008-08-13 23:09 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll

+ 2008-04-14 13:00 . 2008-04-14 04:42 1033728 c:\windows\system32\dllcache\explorer.exe

+ 2010-10-23 17:00 . 2008-08-13 23:09 1162240 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll

+ 2010-10-23 17:00 . 2008-08-13 23:09 3578368 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 6049280 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll

+ 2010-10-23 17:00 . 2008-08-13 23:08 2451312 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dat

- 2008-04-14 13:00 . 2010-10-23 01:19 1033728 c:\windows\explorer.exe

+ 2008-04-14 13:00 . 2008-04-14 04:42 1033728 c:\windows\explorer.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-30 136600]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]

2008-08-26 15:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2002-06-18 01:01 155648 ----a-w- c:\program files\VERITAS Software\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Documents and Settings\\User\\Desktop\\umbrella-4.1.6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [16/05/2009 17:15 33792]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]

S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 09:40 217088]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2009 03:10 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Common Files\Motive\npMotive.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4036)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Completion time: 2010-10-23 19:53:27

ComboFix-quarantined-files.txt 2010-10-23 18:53

ComboFix2.txt 2010-10-23 12:12

Pre-Run: 17,429,155,840 bytes free

Post-Run: 17,418,153,984 bytes free

- - End Of File - - 0EDD0C54BF7BC9E1D9B752EDF323F2E9

OTL logfile created on: 23/10/2010 19:55:36 - Run 3

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 16.24 Gb Free Space | 6.97% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 19:43:50 | 000,389,120 | R--- | M] (Microsoft Corporation) -- C:\ComboFix\CF30850.cfxxe

PRC - [2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/10/25 06:11:34 | 000,077,312 | R--- | M] () -- C:\ComboFix\mbr.cfxxe

PRC - [2009/09/14 17:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

PRC - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/10/23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/09/14 17:56:44 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/16 18:09:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/09/14 17:56:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/09/14 17:56:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/04/04 03:10:28 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 01:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)

DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)

DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)

DRV - [2005/03/31 18:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2005/03/15 17:26:00 | 000,148,608 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)

DRV - [1997/12/23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 00 67 57 41 72 CB 01 [binary data]

IE - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 01:35:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 01:35:08 | 000,000,000 | ---D | M]

[2010/10/23 01:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/10/23 01:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\extensions

[2010/10/23 01:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/23 01:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/12 21:09:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/12 21:09:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/12 21:09:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/12 21:09:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/23 17:31:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1645522239-1757981266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/14 11:43:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - D:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: StorageGuard - hkey= - key= - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.mp43 - C:\WINDOWS\System32\MPG4C32.DLL (Microcrap Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 19:43:57 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/10/23 16:26:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2010/10/23 16:23:28 | 000,000,000 | ---D | C] -- C:\SP3

[2010/10/23 15:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller

[2010/10/23 15:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities

[2010/10/23 15:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/10/23 14:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/10/23 12:48:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/23 12:48:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/23 12:48:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/23 12:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/23 02:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/23 01:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla

[2010/10/23 01:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla

[2010/10/23 01:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/10/23 01:07:51 | 006,259,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-rules.exe

[2010/10/23 00:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/23 00:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/23 00:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/23 00:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2010/10/22 23:43:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe

[2010/10/22 15:46:46 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/10/22 15:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/10/22 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/22 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/22 05:09:19 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/22 05:04:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/22 05:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/22 03:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/22 03:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/10/22 03:27:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/10/22 03:03:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/10 02:30:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/10/10 00:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.shsh

[2010/10/07 20:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

[2010/10/07 08:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/06 21:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads

[2010/09/30 23:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/09/30 23:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun

[2010/09/30 23:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

[2010/09/02 17:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2010/09/02 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix

[2010/08/29 03:35:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2010/08/22 08:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\real

========== Files - Modified Within 90 Days ==========

[2010/10/23 19:53:27 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/23 19:42:12 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/23 19:42:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/23 19:39:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/10/23 18:00:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/23 17:31:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/10/23 16:32:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe

[2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2010/10/23 14:04:29 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

[2010/10/23 13:47:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE

[2010/10/23 13:47:15 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2010/10/23 13:38:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/23 13:21:36 | 000,004,930 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.zip

[2010/10/23 13:21:24 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ckfiles.zip

[2010/10/23 12:43:52 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe

[2010/10/23 12:43:46 | 003,884,040 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe

[2010/10/23 05:40:12 | 000,004,784 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Attach.zip

[2010/10/23 05:07:19 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable

[2010/10/23 05:01:01 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr

[2010/10/23 04:59:59 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avira_antivir_personal_en.exe

[2010/10/23 04:59:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe

[2010/10/23 02:00:03 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/23 01:59:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/23 01:55:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/23 01:35:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/10/23 01:35:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 01:35:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 01:16:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/23 01:07:57 | 006,259,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-rules.exe

[2010/10/23 00:54:34 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\User\Desktop\mbam-clean.exe

[2010/10/22 23:43:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe

[2010/10/22 13:03:34 | 000,000,327 | -HS- | M] () -- C:\boot.ini

[2010/10/22 04:29:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2010/10/22 03:03:54 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\User\Application Data\5190.bat

[2010/10/22 03:03:51 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\User\Application Data\28302.bat

[2010/10/22 03:03:47 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\User\Application Data\34459.bat

[2010/10/22 00:52:26 | 000,602,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\version1.png

[2010/10/22 00:46:27 | 000,416,403 | ---- | M] () -- C:\Documents and Settings\User\Desktop\version1.jpg

[2010/10/19 22:19:24 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\svchost.com

[2010/10/13 10:55:43 | 001,693,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/11 09:17:38 | 000,081,880 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/10 01:24:47 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\User\Desktop\limera1n.exe

[2010/10/10 01:20:25 | 000,000,819 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella

[2010/10/09 23:29:45 | 005,159,936 | ---- | M] () -- C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe

[2010/10/08 17:18:14 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/08 17:18:14 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/06 20:41:14 | 000,881,788 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CD.jpg

[2010/09/30 23:25:39 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/09/30 23:24:29 | 015,314,705 | ---- | M] () -- C:\Documents and Settings\User\Desktop\pms-setup-windows-1.10.51.exe

[2010/09/23 12:46:03 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2010/09/22 19:38:19 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Work experiance info 4 BIMM.rtf

[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/03 11:22:10 | 000,095,257 | ---- | M] () -- C:\Documents and Settings\User\Desktop\38635_484037237221_671367221_6862920_4394707_n.jpg

[2010/09/02 17:34:34 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk

[2010/08/30 21:47:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/08/14 09:11:24 | 001,543,988 | ---- | M] () -- C:\Documents and Settings\User\Desktop\VERITAS Software.rar

[2010/08/04 09:20:32 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xlink.sys

========== Files Created - No Company Name ==========

[2010/10/23 16:32:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe

[2010/10/23 14:03:48 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

[2010/10/23 13:48:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\User\Desktop\svchost.com

[2010/10/23 13:47:24 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE

[2010/10/23 13:47:15 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2010/10/23 13:21:36 | 000,004,930 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.zip

[2010/10/23 13:21:24 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ckfiles.zip

[2010/10/23 12:48:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/23 12:48:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/23 12:48:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/23 12:48:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/23 12:48:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/23 12:43:49 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe

[2010/10/23 12:43:29 | 003,884,040 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe

[2010/10/23 05:40:12 | 000,004,784 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Attach.zip

[2010/10/23 05:07:14 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable

[2010/10/23 05:00:53 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr

[2010/10/23 04:59:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe

[2010/10/23 04:58:22 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avira_antivir_personal_en.exe

[2010/10/23 02:05:16 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/23 02:00:03 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/23 01:35:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/10/23 01:35:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 01:35:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 00:54:34 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\User\Desktop\mbam-clean.exe

[2010/10/23 00:34:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/22 05:09:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/10/22 05:09:21 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/22 04:29:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2010/10/22 03:03:54 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\User\Application Data\5190.bat

[2010/10/22 03:03:51 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\User\Application Data\28302.bat

[2010/10/22 03:03:47 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\User\Application Data\34459.bat

[2010/10/22 00:52:24 | 000,602,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\version1.png

[2010/10/22 00:46:26 | 000,416,403 | ---- | C] () -- C:\Documents and Settings\User\Desktop\version1.jpg

[2010/10/10 01:24:45 | 000,327,680 | ---- | C] () -- C:\Documents and Settings\User\Desktop\limera1n.exe

[2010/10/10 00:38:25 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\User\umbrella0.log

[2010/10/09 23:29:34 | 005,159,936 | ---- | C] () -- C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe

[2010/10/06 20:41:13 | 000,881,788 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CD.jpg

[2010/09/30 23:25:39 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/09/30 23:24:29 | 015,314,705 | ---- | C] () -- C:\Documents and Settings\User\Desktop\pms-setup-windows-1.10.51.exe

[2010/09/23 12:37:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/09/22 18:47:36 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Work experiance info 4 BIMM.rtf

[2010/09/03 11:23:52 | 000,095,257 | ---- | C] () -- C:\Documents and Settings\User\Desktop\38635_484037237221_671367221_6862920_4394707_n.jpg

[2010/09/02 17:34:34 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk

[2010/08/14 09:11:22 | 001,543,988 | ---- | C] () -- C:\Documents and Settings\User\Desktop\VERITAS Software.rar

[2010/08/04 09:10:24 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xlink.sys

[2009/12/18 17:55:03 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/09 22:12:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/11/09 22:12:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/09 22:12:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/09 22:12:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/09 16:23:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2009/05/02 14:10:48 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/02/20 16:01:13 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/19 22:32:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2009/02/14 12:23:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/02/14 11:33:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/01/28 19:50:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2002/09/08 19:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2001/08/31 16:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll

========== LOP Check ==========

[2010/10/22 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/04/04 03:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/10/31 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2009/02/14 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/17 20:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/07 15:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/02/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ableton

[2010/08/29 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVI ReComp

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools

[2009/04/04 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro

[2009/12/17 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iWin

[2010/04/16 04:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam

[2010/09/02 17:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2010/04/16 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC

[2009/04/04 14:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3

[2009/12/17 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop

[2009/10/31 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2010/07/12 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify

[2009/05/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg

[2010/05/30 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StreamTorrent

[2009/03/13 17:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VERITAS

[2010/10/23 19:53:27 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

[2009/05/16 18:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/10/22 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/07/07 19:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/07/07 15:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/04/04 03:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009/02/14 12:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2010/10/07 20:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX

[2009/05/02 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2010/10/07 08:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/23 00:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/23 02:00:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/11/09 16:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2009/11/09 20:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/10/31 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2009/02/14 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/17 20:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks

[2009/11/09 16:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/11/09 16:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/05/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/07 15:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/06/15 20:01:34 | 000,072,504 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

[2008/08/26 23:58:08 | 018,598,696 | ---- | M] (PC-Doctor, Inc.) -- C:\Documents and Settings\All Users\Application Data\Dell\DellSupportCenter\installer\Setup.exe

[2010/10/07 20:25:22 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

[2010/10/07 20:25:51 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

[2009/11/11 15:59:22 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

[2009/11/11 15:59:26 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

[2009/11/11 15:59:26 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe

[2010/10/07 20:25:52 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

[2010/10/07 20:25:55 | 000,056,765 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

[2010/10/07 20:25:52 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

[2010/10/07 20:25:53 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

[2010/10/07 20:25:54 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

[2010/10/07 20:25:55 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

[2010/10/07 20:25:50 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

[2010/10/07 20:25:30 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

[2010/10/22 23:21:35 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

[2010/10/07 20:24:14 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

[2010/10/07 20:25:55 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe

[2009/02/14 12:20:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE

< %APPDATA%\*. >

[2009/02/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ableton

[2010/04/24 23:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe

[2009/07/08 09:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apple Computer

[2010/08/29 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVI ReComp

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools

[2009/04/04 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro

[2009/02/20 19:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DivX

[2010/04/25 12:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss

[2010/04/21 23:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Google

[2009/02/14 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities

[2010/07/07 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IGN_DLM

[2009/02/14 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InstallShield

[2009/12/17 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iWin

[2009/04/30 20:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia

[2010/10/23 00:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Malwarebytes

[2010/04/16 04:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam

[2009/03/05 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Media Player Classic

[2010/03/22 19:02:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft

[2010/09/02 17:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2009/11/09 16:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Motive

[2010/10/23 01:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla

[2010/04/16 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC

[2009/04/04 14:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3

[2009/12/17 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop

[2009/10/31 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2010/07/12 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify

[2009/05/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg

[2010/05/30 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StreamTorrent

[2010/09/30 23:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun

[2010/05/29 23:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TVU Networks

[2010/09/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\U3

[2009/03/13 17:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VERITAS

[2009/03/20 16:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc

[2009/03/20 13:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Winamp

[2009/02/20 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinRAR

< %APPDATA%\*.exe /s >

[2010/03/22 19:02:55 | 000,029,184 | R--- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

[2010/05/29 23:05:36 | 005,642,000 | ---- | M] (TVU networks) -- C:\Documents and Settings\User\Application Data\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\User\Application Data\U3\temp\cleanup.exe

[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\User\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< type C:\Documents and Settings\User\Application Data\5190.bat /c >

< type C:\Documents and Settings\User\Application Data\28302.bat /c >

< type C:\Documents and Settings\User\Application Data\34459.bat /c >

< type C:\WINDOWS\nsreg.dat /c >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2009/02/14 11:31:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/02/14 11:31:16 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/02/14 11:31:15 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/08/26 14:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2

< End of report >

OTL Extras logfile created on: 23/10/2010 19:55:36 - Run 3

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 16.24 Gb Free Space | 6.97% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1645522239-1757981266-1177238915-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe" = C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow Update Manager

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1B72584-0322-4D98-A247-9052370A1844}" = War Leaders - Clash of Nations

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"Alt.Binz" = Alt.Binz 0.25.0

"AVI ReComp" = AVI ReComp 1.4.6

"Avisynth" = AviSynth 2.5

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BT Yahoo! Applications" = BT Yahoo! Applications

"BTHomeHub" = BTHomeHub

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"Football Manager 2010" = Football Manager 2010

"InterVideo WinDVD" = InterVideo WinDVD

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Full)

"Live 6.0.1" = Live 6.0.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"MKVtoolnix" = MKVtoolnix 4.2.0

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"NVIDIA Drivers" = NVIDIA Drivers

"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1

"PROSet" = Intel® PRO Network Connections Drivers

"SopCast" = SopCast 3.2.4

"Spotify" = Spotify

"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944

"SyncroSoft Emu" = SyncroSoft Emu (Remove only)

"Syncrosoft's License Control" = Syncrosoft's License Control

"TVUPlayer" = TVUPlayer 2.5.2.2

"VLC media player" = VLC media player 0.9.8a

"VobSub" = VobSub 2.23

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 23/10/2010 12:30:37 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:10:37 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:10:37 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:10:37 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:10:37 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:14 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:14 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:45:11 | Computer Name = PEZ | Source = Application Error | ID = 1000

Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,

version 0.0.0.0, fault address 0x00082899.

[ System Events ]

Error - 23/10/2010 14:37:39 | Computer Name = PEZ | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 23/10/2010 14:37:39 | Computer Name = PEZ | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 23/10/2010 14:37:39 | Computer Name = PEZ | Source = Service Control Manager | ID = 7001

Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver

service which failed to start because of the following error: %%31

Error - 23/10/2010 14:37:39 | Computer Name = PEZ | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 23/10/2010 14:37:39 | Computer Name = PEZ | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 23/10/2010 14:38:05 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/10/2010 14:39:32 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/10/2010 14:41:15 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/10/2010 14:44:24 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 23/10/2010 14:50:28 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

< End of report >


Shall I run the avast cleaner in safe mode before proceeding with these steps?
Are you referring to this?

Step 1.

OTL-fix:

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
    [2010/10/23 01:35:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/10/22 03:03:54 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\User\Application Data\5190.bat
    [2010/10/22 03:03:51 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\User\Application Data\28302.bat
    [2010/10/22 03:03:47 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\User\Application Data\34459.bat
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 2.

Uninstall avast:

Uninstall avast and use the tool if needed.

Reboot.

Step 3.

OTL-scan:

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, untick the box beside Scan All Users at the top.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Under the Custom Scan box paste this in

    netsvcs

    msconfig

    safebootminimal

    safebootnetwork

    activex

    drivers32

    %SYSTEMDRIVE%\*.exe

    %ALLUSERSPROFILE%\Application Data\*.

    %ALLUSERSPROFILE%\Application Data\*.exe /s

    %APPDATA%\*.

    %APPDATA%\*.exe /s

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 4.

Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of OTL.txt and Extras.txt in step 3.

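Not part of the thread or of OTL itself: an added Python example that applies the kind of triage the helper did in Step 1 (an orphaned O2 BHO, a non-default O34 BootExecute entry, numerically named scripts in Application Data) to OTL scan lines and echoes the hits back in fix-script form. The line patterns and the sample lines are assumptions modelled on the OTL.txt posted in this thread; OTL publishes no format specification.

```python
"""Triage helper for OTL (OldTimer's List-It) scan logs.

Added example, not part of the forum post or of OTL itself. It reads the
line shapes seen in the OTL.txt on this page and flags the kinds of entries
the helper moved into the ":OTL" fix script: an O2 BHO whose CLSID value is
missing, an O34 BootExecute entry other than the Windows default, and small
numerically named scripts dropped into Application Data with no company
name. Flagged lines are echoed back verbatim, which is the form an OTL fix
script expects.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the OTL.txt on this page (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
[2010/10/22 03:03:54 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\User\Application Data\5190.bat
[2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
"""

# OTL line shapes, assumed from the log on this page (OTL has no published grammar).
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
O34_RE = re.compile(r"^O34 - HKLM BootExecute: \((?P<cmd>.*)\) - (?P<status>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[\w-]+) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# The stock XP BootExecute value. OTL labels it "File not found" as well, so the
# status text alone is no signal; the command itself is what gets compared.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Numeric-stem scripts or binaries inside a profile's Application Data folder.
DROPPED_SCRIPT_RE = re.compile(r"\\Application Data\\\d+\.(bat|exe|dll|com|scr)$", re.I)


@dataclass
class Finding:
    code: str       # which rule fired: "O2", "O34" or "FILE"
    reason: str     # human-readable explanation for the helper
    fix_line: str   # the log line verbatim, ready for the :OTL section


def triage(log_text: str) -> list[Finding]:
    """Return fix-script candidates found in OTL scan output, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O2_RE.match(line):
            # A BHO registration whose CLSID is gone loads nothing any more,
            # but it is a leftover of something that was installed.
            if "No CLSID value found" in m["target"] or "File not found" in m["target"]:
                findings.append(Finding("O2", f"orphaned BHO {m['clsid']}", line))
        elif m := O34_RE.match(line):
            # Anything besides the stock autochk command runs before logon.
            if m["cmd"].strip() != DEFAULT_BOOTEXECUTE:
                findings.append(Finding("O34", f"non-default BootExecute: {m['cmd']}", line))
        elif m := FILE_RE.match(line):
            size = int(m["size"].replace(",", ""))
            if not m["company"] and DROPPED_SCRIPT_RE.search(m["path"]):
                findings.append(
                    Finding("FILE", f"unsigned {size}-byte dropped script {m['path']}", line)
                )
        # Other line types (DRV, PRC, SRV, ...) are left to the helper's judgement.
    return findings


def build_fix_script(findings: list[Finding]) -> str:
    """Assemble an OTL custom fix in the layout used in Step 1 above."""
    body = "\n".join(f.fix_line for f in findings)
    return f":OTL\n{body}\n:Commands\n[purity]\n[emptytemp]\n[emptyflash]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.code}] {f.reason}")
    print(build_fix_script(found))
```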

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk /r \??\G: deleted successfully.

C:\WINDOWS\nsreg.dat moved successfully.

C:\Documents and Settings\User\Application Data\5190.bat moved successfully.

C:\Documents and Settings\User\Application Data\28302.bat moved successfully.

C:\Documents and Settings\User\Application Data\34459.bat moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 131139 bytes

->Flash cache emptied: 1045 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1065027 bytes

->Flash cache emptied: 4302 bytes

User: User

->Temp folder emptied: 26661 bytes

->Temporary Internet Files folder emptied: 360407 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49029376 bytes

->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

User: User

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.17.0 log created on 10232010_212101

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 23/10/2010 21:27:01 - Run 4

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 16.26 Gb Free Space | 6.98% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/09/14 17:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

PRC - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/10/23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

PRC - [2005/03/22 18:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

========== Modules (SafeList) ==========

MOD - [2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009/09/14 17:56:44 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/16 18:09:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/09/14 17:56:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/09/14 17:56:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/04/04 03:10:28 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 01:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)

DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)

DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)

DRV - [2005/03/31 18:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2005/03/15 17:26:00 | 000,148,608 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)

DRV - [1997/12/23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 00 67 57 41 72 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 01:35:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 01:35:08 | 000,000,000 | ---D | M]

[2010/10/23 01:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/10/23 01:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\extensions

[2010/10/23 01:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ze4yc9qf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/23 01:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/12 21:09:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/10/12 21:09:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/10/12 21:09:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/10/12 21:09:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/23 17:31:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/14 11:43:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - D:\autorun.cfg -- [ UDF ]

O32 - AutoRun File - [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: StorageGuard - hkey= - key= - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework

ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)

ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.

ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.mp43 - C:\WINDOWS\System32\MPG4C32.DLL (Microcrap Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 21:21:01 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/23 20:30:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/23 19:43:57 | 000,000,000 | ---D | C] -- C:\ComboFix

[2010/10/23 16:26:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2010/10/23 16:23:28 | 000,000,000 | ---D | C] -- C:\SP3

[2010/10/23 15:43:49 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe

[2010/10/23 15:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller

[2010/10/23 15:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities

[2010/10/23 15:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities

[2010/10/23 14:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/10/23 12:48:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/23 12:48:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/23 12:48:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/23 12:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/23 02:19:33 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe

[2010/10/23 02:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/23 01:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla

[2010/10/23 01:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla

[2010/10/23 01:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/10/23 01:07:51 | 006,259,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-rules.exe

[2010/10/23 00:58:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/23 00:58:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/23 00:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/23 00:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2010/10/22 23:43:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe

[2010/10/22 15:46:46 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/10/22 15:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/10/22 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/22 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/22 05:09:19 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/22 05:04:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/22 05:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/22 03:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/22 03:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/10/22 03:27:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/10/22 03:03:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/10 02:30:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/10/10 00:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.shsh

[2010/10/07 20:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

[2010/10/07 08:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/06 21:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads

[2010/09/30 23:26:57 | 000,410,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2010/09/30 23:26:57 | 000,143,360 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/09/30 23:26:57 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/09/30 23:26:57 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/09/30 23:26:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/09/30 23:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/09/30 23:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sun

[2010/09/30 23:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

========== Files - Modified Within 30 Days ==========

[2010/10/23 21:27:15 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/23 21:22:48 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/23 21:22:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/23 19:39:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/10/23 18:00:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/23 17:31:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/10/23 16:32:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe

[2010/10/23 16:27:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

[2010/10/23 15:55:05 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe

[2010/10/23 14:04:29 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

[2010/10/23 13:47:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE

[2010/10/23 13:47:15 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2010/10/23 13:38:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/23 13:21:36 | 000,004,930 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.zip

[2010/10/23 13:21:24 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ckfiles.zip

[2010/10/23 12:43:52 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe

[2010/10/23 12:43:46 | 003,884,040 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe

[2010/10/23 05:40:12 | 000,004,784 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Attach.zip

[2010/10/23 05:07:19 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable

[2010/10/23 05:01:01 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr

[2010/10/23 04:59:59 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avira_antivir_personal_en.exe

[2010/10/23 04:59:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe

[2010/10/23 02:00:03 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/23 01:59:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/23 01:55:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/23 01:35:12 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 01:35:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 01:16:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/23 01:07:57 | 006,259,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-rules.exe

[2010/10/23 00:54:34 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\User\Desktop\mbam-clean.exe

[2010/10/22 23:43:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe

[2010/10/22 13:03:34 | 000,000,327 | -HS- | M] () -- C:\boot.ini

[2010/10/22 04:29:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2010/10/22 00:52:26 | 000,602,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\version1.png

[2010/10/22 00:46:27 | 000,416,403 | ---- | M] () -- C:\Documents and Settings\User\Desktop\version1.jpg

[2010/10/19 22:19:24 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\svchost.com

[2010/10/13 10:55:43 | 001,693,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/11 09:17:38 | 000,081,880 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/10 01:24:47 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\User\Desktop\limera1n.exe

[2010/10/10 01:20:25 | 000,000,819 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella

[2010/10/09 23:29:45 | 005,159,936 | ---- | M] () -- C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe

[2010/10/08 17:18:14 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/08 17:18:14 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/06 20:41:14 | 000,881,788 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CD.jpg

[2010/09/30 23:26:40 | 000,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2010/09/30 23:26:40 | 000,143,360 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/09/30 23:26:40 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/09/30 23:26:40 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/09/30 23:26:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/09/30 23:25:39 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/09/30 23:24:29 | 015,314,705 | ---- | M] () -- C:\Documents and Settings\User\Desktop\pms-setup-windows-1.10.51.exe

========== Files Created - No Company Name ==========

[2010/10/23 16:32:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe

[2010/10/23 14:03:48 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe

[2010/10/23 13:48:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\User\Desktop\svchost.com

[2010/10/23 13:47:24 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE

[2010/10/23 13:47:15 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip

[2010/10/23 13:21:36 | 000,004,930 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.zip

[2010/10/23 13:21:24 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ckfiles.zip

[2010/10/23 12:48:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/23 12:48:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/23 12:48:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/23 12:48:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/23 12:48:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/23 12:43:49 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe

[2010/10/23 12:43:29 | 003,884,040 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe

[2010/10/23 05:40:12 | 000,004,784 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Attach.zip

[2010/10/23 05:07:14 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable

[2010/10/23 05:00:53 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr

[2010/10/23 04:59:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe

[2010/10/23 04:58:22 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avira_antivir_personal_en.exe

[2010/10/23 02:05:16 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/10/23 02:00:03 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/23 01:35:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/23 01:35:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/23 00:54:34 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\User\Desktop\mbam-clean.exe

[2010/10/23 00:34:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/22 05:09:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/10/22 05:09:21 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/22 04:29:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2010/10/22 00:52:24 | 000,602,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\version1.png

[2010/10/22 00:46:26 | 000,416,403 | ---- | C] () -- C:\Documents and Settings\User\Desktop\version1.jpg

[2010/10/10 01:24:45 | 000,327,680 | ---- | C] () -- C:\Documents and Settings\User\Desktop\limera1n.exe

[2010/10/10 00:38:25 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\User\umbrella0.log

[2010/10/09 23:29:34 | 005,159,936 | ---- | C] () -- C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe

[2010/10/06 20:41:13 | 000,881,788 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CD.jpg

[2010/09/30 23:25:39 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/09/30 23:24:29 | 015,314,705 | ---- | C] () -- C:\Documents and Settings\User\Desktop\pms-setup-windows-1.10.51.exe

[2010/09/23 12:37:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/08/04 09:10:24 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xlink.sys

[2009/12/18 17:55:03 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/09 22:12:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/11/09 22:12:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/09 22:12:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/09 22:12:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/09 16:23:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2009/05/02 14:10:48 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/02/20 16:01:13 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/19 22:32:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2009/02/14 12:23:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

[2009/02/14 11:33:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/01/28 19:50:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2002/09/08 19:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2001/08/31 16:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

[2009/05/16 18:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/10/22 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/07/07 19:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/07/07 15:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/04/04 03:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009/02/14 12:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2010/10/07 20:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX

[2009/05/02 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2010/10/07 08:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/23 00:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/23 02:00:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/11/09 16:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2009/11/09 20:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2009/02/14 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2009/10/31 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2009/02/14 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/17 20:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks

[2009/11/09 16:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/11/09 16:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/05/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/07 15:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/06/15 20:01:34 | 000,072,504 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

[2008/08/26 23:58:08 | 018,598,696 | ---- | M] (PC-Doctor, Inc.) -- C:\Documents and Settings\All Users\Application Data\Dell\DellSupportCenter\installer\Setup.exe

[2010/10/07 20:25:22 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

[2010/10/07 20:25:51 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

[2009/11/11 15:59:22 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

[2009/11/11 15:59:26 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

[2009/11/11 15:59:26 | 000,530,704 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe

[2010/10/07 20:25:52 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

[2010/10/07 20:25:55 | 000,056,765 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

[2010/10/07 20:25:52 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

[2010/10/07 20:25:53 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

[2010/10/07 20:25:54 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

[2010/10/07 20:25:55 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

[2010/10/07 20:25:50 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

[2010/10/07 20:25:30 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

[2010/10/22 23:21:35 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

[2010/10/07 20:24:14 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

[2010/10/07 20:25:55 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe

[2009/02/14 12:20:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE

< %APPDATA%\*. >

[2009/02/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ableton

[2010/04/24 23:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Adobe

[2009/07/08 09:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apple Computer

[2010/08/29 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVI ReComp

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools

[2009/04/04 03:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite

[2009/04/04 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro

[2009/02/20 19:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DivX

[2010/04/25 12:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss

[2010/04/21 23:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Google

[2009/02/14 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Identities

[2010/07/07 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IGN_DLM

[2009/02/14 12:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InstallShield

[2009/12/17 20:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iWin

[2009/04/30 20:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Macromedia

[2010/10/23 00:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Malwarebytes

[2010/04/16 04:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam

[2009/03/05 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Media Player Classic

[2010/03/22 19:02:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\Microsoft

[2010/09/02 17:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mkvtoolnix

[2009/11/09 16:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Motive

[2010/10/23 01:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla

[2010/04/16 04:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC

[2009/04/04 14:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3

[2009/12/17 20:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpinTop

[2009/10/31 17:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2010/07/12 14:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify

[2009/05/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg

[2010/05/30 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StreamTorrent

[2010/09/30 23:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sun

[2010/05/29 23:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TVU Networks

[2010/09/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\U3

[2009/03/13 17:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VERITAS

[2009/03/20 16:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vlc

[2009/03/20 13:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Winamp

[2009/02/20 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinRAR

< %APPDATA%\*.exe /s >

[2010/03/22 19:02:55 | 000,029,184 | R--- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

[2010/05/29 23:05:36 | 005,642,000 | ---- | M] (TVU networks) -- C:\Documents and Settings\User\Application Data\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\User\Application Data\U3\temp\cleanup.exe

[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\User\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2009/02/14 11:31:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/02/14 11:31:16 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/02/14 11:31:15 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/08/26 14:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2

< End of report >

OTL Extras logfile created on: 23/10/2010 21:27:01 - Run 4

OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\User\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.82 Gb Total Space | 16.26 Gb Free Space | 6.98% Space Free | Partition Type: NTFS

Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 7.52 Gb Total Space | 7.49 Gb Free Space | 99.58% Space Free | Partition Type: FAT32

Computer Name: PEZ | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe" = C:\Documents and Settings\User\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow Update Manager

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1B72584-0322-4D98-A247-9052370A1844}" = War Leaders - Clash of Nations

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"Alt.Binz" = Alt.Binz 0.25.0

"AVI ReComp" = AVI ReComp 1.4.6

"Avisynth" = AviSynth 2.5

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BT Yahoo! Applications" = BT Yahoo! Applications

"BTHomeHub" = BTHomeHub

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"DVD Decrypter" = DVD Decrypter (Remove Only)

"Football Manager 2010" = Football Manager 2010

"InterVideo WinDVD" = InterVideo WinDVD

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Full)

"Live 6.0.1" = Live 6.0.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.4 (remove only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"MKVtoolnix" = MKVtoolnix 4.2.0

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"NVIDIA Drivers" = NVIDIA Drivers

"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1

"PROSet" = Intel® PRO Network Connections Drivers

"SopCast" = SopCast 3.2.4

"Spotify" = Spotify

"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944

"SyncroSoft Emu" = SyncroSoft Emu (Remove only)

"Syncrosoft's License Control" = Syncrosoft's License Control

"TVUPlayer" = TVUPlayer 2.5.2.2

"VLC media player" = VLC media player 0.9.8a

"VobSub" = VobSub 2.23

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 23/10/2010 14:10:37 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:14 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:14 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:42:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 14:45:11 | Computer Name = PEZ | Source = Application Error | ID = 1000

Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,

version 0.0.0.0, fault address 0x00082899.

Error - 23/10/2010 16:22:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 16:22:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 16:22:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 23/10/2010 16:22:15 | Computer Name = PEZ | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]

Error - 23/10/2010 14:41:15 | Computer Name = PEZ | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/10/2010 14:44:24 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 23/10/2010 14:50:28 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 23/10/2010 16:21:01 | Computer Name = PEZ | Source = Service Control Manager | ID = 7034

Description = The NVIDIA Display Driver Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 23/10/2010 16:21:01 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

15000 milliseconds: Restart the service.

Error - 23/10/2010 16:21:01 | Computer Name = PEZ | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 23/10/2010 16:21:01 | Computer Name = PEZ | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 23/10/2010 16:21:02 | Computer Name = PEZ | Source = Service Control Manager | ID = 7034

Description = The McciCMService service terminated unexpectedly. It has done this

1 time(s).

Error - 23/10/2010 16:21:02 | Computer Name = PEZ | Source = Service Control Manager | ID = 7034

Description = The SupportSoft Sprocket Service (DellSupportCenter) service terminated

unexpectedly. It has done this 1 time(s).

Error - 23/10/2010 16:21:02 | Computer Name = PEZ | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

< End of report >
