
Infected PC



Every time I run the scan it finds one object and says it is removed, but it keeps reappearing at each subsequent scan.

Also I've had to uninstall IE8, as it was not running at all. This is why I am using IE6 at the moment.

Here's the log file:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5179

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

24/11/2010 7:04:54 PM

mbam-log-2010-11-24 (19-04-54).txt

Scan type: Quick scan

Objects scanned: 161300

Time elapsed: 17 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DSBZ2CYM\dm4[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.


Hello,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note** It is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here:
      http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished, then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** You may get the following warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

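OTL reports of the kind requested above come back as one item per line. As an added triage helper that is not part of this thread, of OTL or of Malwarebytes, the Python below flags the item types that get read first (an IE proxy outside the LAN, AppInit_DLLs entries, oddly named Task Manager policy values, kernel drivers with an empty company field, At*.job tasks, and scripts in System32); the sample lines, SIDs, hosts and vendor names in it are constructed placeholders.

```python
# Added triage helper for OTL-style log lines; it is not part of this thread,
# of OTL, or of Malwarebytes. Each rule flags one item type that a log reader
# checks first. A hit is a lead to inspect by hand, not a verdict of infection.
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# RFC 1918 ranges: a proxy on the LAN (or loopback) is usually the owner's own.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Finding:
    line_no: int   # 1-based line in the log
    rule: str      # rule name from RULES
    value: str     # the path, name or address the rule matched
    why: str       # one-line rationale for the reader


def is_external(hostport: str) -> bool:
    """True when a proxy host:port is neither loopback nor an RFC 1918 address.
    Hostnames cannot be classified offline and are treated as external."""
    host = hostport.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_loopback or any(ip in net for net in LAN_NETS))


# (rule name, regex with a 'val' group, rationale); each regex runs on one line
RULES = [
    ("proxy-server",
     re.compile(r'"ProxyServer"\s*=\s*(?P<val>\S+)'),
     "IE proxy set; a proxy outside the LAN can rewrite search results"),
    ("appinit-dll",
     re.compile(r"^O20 - AppInit_DLLs: \((?P<val>[^)]+)\)"),
     "AppInit_DLLs are loaded into every process that links user32.dll"),
    ("taskmgr-policy",
     re.compile(r"policies\\System: (?P<val>\w*TaskMgr) = \d+"),
     "policy value named *TaskMgr; only DisableTaskMgr is a real policy name"),
    ("driver-no-company",
     re.compile(r"^DRV - \[[^\]]+\] \(\) \[Kernel[^\]]*\] -- (?P<val>.+?) -- \("),
     "kernel driver with an empty company field; confirm it belongs to known hardware"),
    ("at-job",
     re.compile(r"(?P<val>C:\\WINDOWS\\tasks\\At\d+\.job)\s*$", re.I),
     "At*.job tasks are created by at.exe; open each one and read the command it runs"),
    ("system32-script",
     re.compile(r"(?P<val>C:\\WINDOWS\\System32\\[^\\]+\.(?:js|vbs|bat))\s*$", re.I),
     "script file in System32; Windows does not ship loose scripts there"),
]


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per (line, rule) hit, in log order."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, start=1):
        for name, rx, why in RULES:
            m = rx.search(line)
            if not m:
                continue
            val = m.group("val")
            # a proxy on loopback or the LAN is normally the owner's own setting
            if name == "proxy-server" and not is_external(val):
                continue
            findings.append(Finding(n, name, val, why))
    return findings


# Constructed sample in OTL's line format; SIDs, hosts and vendor names are
# placeholders, not values from any real machine.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-PLACEHOLDER-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.0.2.10:3128
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O20 - AppInit_DLLs: (C:\PROGRA~1\EXAMPLE\example.dll) - C:\Program Files\Example\example.dll (Example Vendor)
O7 - HKU\S-1-5-21-PLACEHOLDER-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0
DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
IE - HKU\S-1-5-21-PLACEHOLDER-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.rule}] {f.value} -- {f.why}")
```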

The problem first started with Internet Explorer 8 redirecting to other websites when using Google search. Then IE8 stopped working altogether, i.e. I couldn't even open it when double clicking the logo on the desktop. I then reverted back to an older version (IE6), but it still kept redirecting on Google searches. Now, running the Avira Antivirus and Malwarebytes scanners, I get infected objects but can't seem to get rid of them, as they keep reappearing when scanning again. Also my PC can't restart on its own; it just hangs and I have to manually power off and power on again to restart.

I also get random restarts about every 30 mins with the following error:

STOP: C000010d7 Unknown Hard Error

or

STOP: C0000f9c Unknown Hard Error

I haven't downloaded any new drivers recently so I think it's some sort of virus.

OK, here are the logs:

OTL.txt

OTL logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

PRC - [2010/11/15 13:47:34 | 008,777,728 | ---- | M] (2Squared Software) -- C:\Program Files\RegClean\RegClean.exe

PRC - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/09 10:10:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/07 16:23:06 | 000,972,720 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe

PRC - [2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

MOD - [2006/02/28 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - [2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)

DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)

DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/19 15:39:44 | 000,191,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/03/01 15:22:53 | 003,994,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/09/05 19:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)

DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/02/28 22:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2005/09/30 14:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/09/30 14:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (MB2 Toolbar) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [btTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [C6501Sound] File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe (2Squared Software)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/06 00:49:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 22:40:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean

[2010/11/24 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/24 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/11/24 19:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/11/24 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/23 16:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/11/23 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/11/23 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/11/23 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/11/20 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\My Documents\Eva Letter

[2010/11/19 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Malwarebytes

[2010/11/19 11:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/19 11:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/19 11:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/19 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/19 10:36:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/11/17 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/17 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/17 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/11/17 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/11/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

[2010/11/17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/26 10:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 22:46:00 | 000,006,510 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/11/24 22:45:51 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System\C6501.ini

[2010/11/24 22:45:47 | 000,001,212 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 22:45:41 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/24 22:45:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/24 22:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js

[2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/11/24 21:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/24 20:57:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/11/24 19:53:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/11/24 18:29:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Microsoft Office Word 2007.lnk

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/11/24 17:03:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010/11/24 16:56:15 | 003,913,031 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:21 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/11/23 22:15:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/23 21:22:50 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/23 18:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/11/23 15:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/19 11:25:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:52:07 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:27:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/17 18:36:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:30:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/15 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/10 15:01:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/07 19:30:42 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/07 19:30:41 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Google Chrome.lnk

[2010/11/06 16:11:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2010/11/05 20:25:42 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/01 15:27:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 21:16:12 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 18:57:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 16:56:15 | 003,913,031 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:20 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/23 20:35:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010/11/23 20:35:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/11/23 12:11:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 10:44:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js

[2010/11/19 11:25:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:42:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/11/17 15:30:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/10 15:01:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/01 15:27:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[2010/07/04 16:08:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/07/04 16:07:18 | 000,006,510 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/07/04 16:07:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/07/04 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/06/22 13:52:28 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/07 11:07:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/05/07 11:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2010/05/07 11:03:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2010/05/07 11:03:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/05/07 11:03:48 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI

[2010/05/07 10:52:52 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010/05/07 10:52:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2010/05/07 10:52:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2010/05/07 10:52:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2010/05/06 20:15:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll

[2010/05/06 20:15:22 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini

[2010/05/06 20:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/06 20:13:21 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/06 20:13:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/06 16:54:47 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll

[2010/05/06 16:39:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/06 13:22:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010/05/06 10:39:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2007/03/01 15:22:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/03/01 15:22:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/01 15:22:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/03/01 15:22:53 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/03/01 15:22:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/03/01 15:22:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/01 15:22:53 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/07/04 16:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/05/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/11/24 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/06 13:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/06 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XADCHHWJYG

[2010/09/16 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/25 16:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/05/30 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Blitware

[2010/09/16 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\imeshmediabartb

[2010/07/03 17:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\MSA

[2010/05/13 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Naviextras

[2010/05/28 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape

[2010/11/24 21:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/05/06 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Uniblue

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/05/30 03:31:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)

"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)

"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)

"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)

"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)

"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)

"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)

"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Saf


The problem first started with Internet Explorer 8 redirecting to other websites when using Google search. Then IE8 stopped working altogether, i.e. I couldn't even open it when double-clicking the logo on the desktop. I then reverted back to an older version (IE6), but it still kept redirecting on Google searches. Now, running Avira Antivirus and Malwarebytes scanners, I get infected objects but can't seem to get rid of them, as they keep reappearing when scanning again. Also, my PC can't restart on its own; it just hangs and I have to manually power off and power on again to restart.

I also get random restarts about every 30 mins with the following error:

STOP: C000010d7 Unknown Hard Error

or

STOP: C0000f9c Unknown Hard Error

I haven't downloaded any new drivers recently so I think it's some sort of virus.

Ok, here are the logs:

OTL.txt

OTL logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

PRC - [2010/11/15 13:47:34 | 008,777,728 | ---- | M] (2Squared Software) -- C:\Program Files\RegClean\RegClean.exe

PRC - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/09 10:10:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/07 16:23:06 | 000,972,720 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe

PRC - [2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

MOD - [2006/02/28 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - [2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)

DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)

DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/19 15:39:44 | 000,191,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/03/01 15:22:53 | 003,994,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/09/05 19:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)

DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/02/28 22:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2005/09/30 14:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/09/30 14:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (MB2 Toolbar) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [btTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [C6501Sound] File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe (2Squared Software)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/06 00:49:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 22:40:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean

[2010/11/24 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/24 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/11/24 19:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/11/24 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/23 16:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/11/23 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/11/23 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/11/23 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/11/20 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\My Documents\Eva Letter

[2010/11/19 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Malwarebytes

[2010/11/19 11:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/19 11:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/19 11:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/19 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/19 10:36:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/11/17 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/17 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/17 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/11/17 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/11/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

[2010/11/17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/26 10:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 22:46:00 | 000,006,510 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/11/24 22:45:51 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System\C6501.ini

[2010/11/24 22:45:47 | 000,001,212 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 22:45:41 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/24 22:45:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/24 22:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js

[2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/11/24 21:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/24 20:57:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/11/24 19:53:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/11/24 18:29:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Microsoft Office Word 2007.lnk

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/11/24 17:03:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010/11/24 16:56:15 | 003,913,031 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:21 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/11/23 22:15:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/23 21:22:50 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/23 18:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/11/23 15:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/19 11:25:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:52:07 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:27:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/17 18:36:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:30:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/15 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/10 15:01:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/07 19:30:42 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/07 19:30:41 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Google Chrome.lnk

[2010/11/06 16:11:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2010/11/05 20:25:42 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/01 15:27:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 21:16:12 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 18:57:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 16:56:15 | 003,913,031 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:20 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/23 20:35:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010/11/23 20:35:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/11/23 12:11:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 10:44:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js

[2010/11/19 11:25:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:42:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/11/17 15:30:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/10 15:01:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/01 15:27:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[2010/07/04 16:08:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/07/04 16:07:18 | 000,006,510 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/07/04 16:07:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/07/04 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/06/22 13:52:28 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/07 11:07:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/05/07 11:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2010/05/07 11:03:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2010/05/07 11:03:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/05/07 11:03:48 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI

[2010/05/07 10:52:52 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010/05/07 10:52:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2010/05/07 10:52:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2010/05/07 10:52:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2010/05/06 20:15:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll

[2010/05/06 20:15:22 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini

[2010/05/06 20:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/06 20:13:21 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/06 20:13:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/06 16:54:47 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll

[2010/05/06 16:39:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/06 13:22:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010/05/06 10:39:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2007/03/01 15:22:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/03/01 15:22:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/01 15:22:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/03/01 15:22:53 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/03/01 15:22:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/03/01 15:22:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/01 15:22:53 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/07/04 16:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/05/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/11/24 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/06 13:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/06 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XADCHHWJYG

[2010/09/16 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/25 16:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/05/30 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Blitware

[2010/09/16 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\imeshmediabartb

[2010/07/03 17:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\MSA

[2010/05/13 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Naviextras

[2010/05/28 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape

[2010/11/24 21:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/05/06 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Uniblue

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/05/30 03:31:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)

"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)

"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)

"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)

"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)

"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)

"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)

"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Saf


The problem first started with Internet Explorer 8 redirecting to other websites when using Google search. Then IE8 stopped working altogether, i.e. I couldn't even open it when double-clicking the logo on the desktop. I then reverted to an older version (IE6), but it still kept redirecting on Google searches. Now, running the Avira Antivirus and Malwarebytes scanners, I get infected objects but can't seem to get rid of them, as they keep reappearing when scanning again. Also, my PC can't restart on its own; it just hangs and I have to manually power off and on again to restart.

I also get random restarts about every 30 mins with the following error:

STOP: C000010d7 Unknown Hard Error

or

STOP: C0000f9c Unknown Hard Error

I haven't downloaded any new drivers recently, so I think it's some sort of virus.

OK, here are the logs:

OTL.txt

OTL logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

PRC - [2010/11/15 13:47:34 | 008,777,728 | ---- | M] (2Squared Software) -- C:\Program Files\RegClean\RegClean.exe

PRC - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/09 10:10:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/07 16:23:06 | 000,972,720 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe

PRC - [2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

MOD - [2006/02/28 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - [2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)

DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)

DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/19 15:39:44 | 000,191,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/03/01 15:22:53 | 003,994,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/09/05 19:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)

DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/02/28 22:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2005/09/30 14:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/09/30 14:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (MB2 Toolbar) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [btTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [C6501Sound] File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe (2Squared Software)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/06 00:49:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 22:40:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean

[2010/11/24 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/24 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/11/24 19:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/11/24 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/23 16:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/11/23 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/11/23 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/11/23 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/11/20 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\My Documents\Eva Letter

[2010/11/19 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Malwarebytes

[2010/11/19 11:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/19 11:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/19 11:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/19 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/19 10:36:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/11/17 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/17 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/17 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/11/17 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/11/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

[2010/11/17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/26 10:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 22:46:00 | 000,006,510 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/11/24 22:45:51 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System\C6501.ini

[2010/11/24 22:45:47 | 000,001,212 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 22:45:41 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/24 22:45:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/24 22:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js

[2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/11/24 21:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/24 20:57:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/11/24 19:53:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/11/24 18:29:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Microsoft Office Word 2007.lnk

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/11/24 17:03:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010/11/24 16:56:15 | 003,913,031 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:21 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/11/23 22:15:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/23 21:22:50 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/23 18:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/11/23 15:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/19 11:25:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:52:07 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:27:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/17 18:36:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:30:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/15 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/10 15:01:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/07 19:30:42 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/07 19:30:41 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Google Chrome.lnk

[2010/11/06 16:11:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2010/11/05 20:25:42 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/01 15:27:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 21:16:12 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 18:57:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 16:56:15 | 003,913,031 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:20 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/23 20:35:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010/11/23 20:35:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/11/23 12:11:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 10:44:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js

[2010/11/19 11:25:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:42:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/11/17 15:30:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/10 15:01:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/01 15:27:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[2010/07/04 16:08:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/07/04 16:07:18 | 000,006,510 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/07/04 16:07:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/07/04 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/06/22 13:52:28 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/07 11:07:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/05/07 11:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2010/05/07 11:03:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2010/05/07 11:03:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/05/07 11:03:48 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI

[2010/05/07 10:52:52 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010/05/07 10:52:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2010/05/07 10:52:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2010/05/07 10:52:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2010/05/06 20:15:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll

[2010/05/06 20:15:22 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini

[2010/05/06 20:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/06 20:13:21 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/06 20:13:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/06 16:54:47 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll

[2010/05/06 16:39:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/06 13:22:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010/05/06 10:39:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2007/03/01 15:22:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/03/01 15:22:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/01 15:22:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/03/01 15:22:53 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/03/01 15:22:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/03/01 15:22:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/01 15:22:53 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/07/04 16:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/05/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/11/24 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/06 13:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/06 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XADCHHWJYG

[2010/09/16 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/25 16:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/05/30 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Blitware

[2010/09/16 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\imeshmediabartb

[2010/07/03 17:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\MSA

[2010/05/13 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Naviextras

[2010/05/28 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape

[2010/11/24 21:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/05/06 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Uniblue

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/05/30 03:31:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)

"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)

"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)

"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)

"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)

"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)

"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)

"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Saf


The problem first started with Internet Explorer 8 redirecting to other websites when using Google search. Then IE8 stopped working altogether, i.e. I couldn't even open it when double-clicking the logo on the desktop. I then reverted back to an older version (IE6), but it still kept redirecting on Google searches. Now, running the Avira Antivirus and Malwarebytes scanners, I get infected objects but can't seem to get rid of them, as they keep reappearing when scanning again. Also, my PC can't restart on its own; it just hangs, and I have to manually power off and power on again to restart.

I also get random restarts about every 30 mins with the following error:

STOP: C000010d7 Unknown Hard Error

or

STOP: C0000f9c Unknown Hard Error

I haven't downloaded any new drivers recently so I think it's some sort of virus.

OK, here are the logs:

OTL.txt

OTL logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

PRC - [2010/11/15 13:47:34 | 008,777,728 | ---- | M] (2Squared Software) -- C:\Program Files\RegClean\RegClean.exe

PRC - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/09 10:10:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/07 16:23:06 | 000,972,720 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe

PRC - [2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

MOD - [2006/02/28 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - [2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)

DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)

DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/19 15:39:44 | 000,191,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/03/01 15:22:53 | 003,994,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/09/05 19:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)

DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/02/28 22:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2005/09/30 14:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/09/30 14:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (MB2 Toolbar) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [btTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [C6501Sound] File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe (2Squared Software)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/06 00:49:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 22:40:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean

[2010/11/24 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/24 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/11/24 19:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/11/24 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/23 16:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/11/23 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/11/23 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/11/23 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/11/20 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\My Documents\Eva Letter

[2010/11/19 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Malwarebytes

[2010/11/19 11:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/19 11:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/19 11:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/19 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/19 10:36:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/11/17 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/17 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/17 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/11/17 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/11/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

[2010/11/17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/26 10:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 22:46:00 | 000,006,510 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/11/24 22:45:51 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System\C6501.ini

[2010/11/24 22:45:47 | 000,001,212 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 22:45:41 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/24 22:45:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/24 22:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js

[2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/11/24 21:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/24 20:57:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/11/24 19:53:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/11/24 18:29:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Microsoft Office Word 2007.lnk

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/11/24 17:03:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010/11/24 16:56:15 | 003,913,031 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:21 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/11/23 22:15:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/23 21:22:50 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/23 18:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/11/23 15:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/19 11:25:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:52:07 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:27:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/17 18:36:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:30:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/15 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/10 15:01:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/07 19:30:42 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/07 19:30:41 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Google Chrome.lnk

[2010/11/06 16:11:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2010/11/05 20:25:42 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/01 15:27:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 21:16:12 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 18:57:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 16:56:15 | 003,913,031 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:20 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/23 20:35:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010/11/23 20:35:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/11/23 12:11:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 10:44:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js

[2010/11/19 11:25:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:42:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/11/17 15:30:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/10 15:01:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/01 15:27:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[2010/07/04 16:08:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/07/04 16:07:18 | 000,006,510 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/07/04 16:07:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/07/04 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/06/22 13:52:28 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/07 11:07:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/05/07 11:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2010/05/07 11:03:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2010/05/07 11:03:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/05/07 11:03:48 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI

[2010/05/07 10:52:52 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010/05/07 10:52:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2010/05/07 10:52:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2010/05/07 10:52:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2010/05/06 20:15:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll

[2010/05/06 20:15:22 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini

[2010/05/06 20:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/06 20:13:21 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/06 20:13:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/06 16:54:47 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll

[2010/05/06 16:39:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/06 13:22:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010/05/06 10:39:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2007/03/01 15:22:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/03/01 15:22:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/01 15:22:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/03/01 15:22:53 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/03/01 15:22:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/03/01 15:22:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/01 15:22:53 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/07/04 16:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/05/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/11/24 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/06 13:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/06 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XADCHHWJYG

[2010/09/16 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/25 16:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/05/30 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Blitware

[2010/09/16 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\imeshmediabartb

[2010/07/03 17:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\MSA

[2010/05/13 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Naviextras

[2010/05/28 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape

[2010/11/24 21:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/05/06 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Uniblue

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/05/30 03:31:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)

"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)

"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)

"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)

"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)

"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)

"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)

"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Saf


The problem first started with Internet Explorer 8 redirecting to other websites when using Google search. Then IE8 stopped working altogether, i.e. I couldn't even open it when double-clicking the logo on the desktop. I then reverted to an older version (IE6), but it still kept redirecting on Google searches. Now, running the Avira Antivirus and Malwarebytes scanners, I get infected objects but can't seem to get rid of them, as they keep reappearing when scanning again. Also, my PC can't restart on its own; it just hangs, and I have to manually power off and power on again to restart.

I also get random restarts about every 30 mins with the following error:

STOP: C000010d7 Unknown Hard Error

or

STOP: C0000f9c Unknown Hard Error

I haven't downloaded any new drivers recently so I think it's some sort of virus.

Ok, here are the logs:

OTL.txt

OTL logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

PRC - [2010/11/15 13:47:34 | 008,777,728 | ---- | M] (2Squared Software) -- C:\Program Files\RegClean\RegClean.exe

PRC - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/09 10:10:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/07 16:23:06 | 000,972,720 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe

PRC - [2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

MOD - [2006/02/28 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - [2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)

DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)

DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/19 15:39:44 | 000,191,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/03/01 15:22:53 | 003,994,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/09/05 19:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)

DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/02/28 22:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2005/09/30 14:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/09/30 14:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (MB2 Toolbar) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [btTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [C6501Sound] File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe (2Squared Software)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/06 00:49:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 22:40:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean

[2010/11/24 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/24 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/11/24 19:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/11/24 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/23 16:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/11/23 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/11/23 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/11/23 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/11/20 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\My Documents\Eva Letter

[2010/11/19 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Malwarebytes

[2010/11/19 11:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/19 11:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/19 11:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/19 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/19 10:36:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/11/17 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/17 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/17 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/11/17 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/11/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

[2010/11/17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/26 10:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 22:46:00 | 000,006,510 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/11/24 22:45:51 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System\C6501.ini

[2010/11/24 22:45:47 | 000,001,212 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 22:45:41 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/24 22:45:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/24 22:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js

[2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/11/24 21:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/24 20:57:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/11/24 19:53:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/11/24 18:29:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Microsoft Office Word 2007.lnk

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/11/24 17:03:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010/11/24 16:56:15 | 003,913,031 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:21 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/11/23 22:15:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/23 21:22:50 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/23 18:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/11/23 15:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/19 11:25:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:52:07 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:27:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/17 18:36:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:30:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/15 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/10 15:01:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/07 19:30:42 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/07 19:30:41 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Google Chrome.lnk

[2010/11/06 16:11:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2010/11/05 20:25:42 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/01 15:27:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 21:16:12 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 18:57:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 16:56:15 | 003,913,031 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:20 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/23 20:35:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010/11/23 20:35:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/11/23 12:11:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 10:44:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js

[2010/11/19 11:25:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:42:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/11/17 15:30:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/10 15:01:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/01 15:27:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[2010/07/04 16:08:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/07/04 16:07:18 | 000,006,510 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/07/04 16:07:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/07/04 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/06/22 13:52:28 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/07 11:07:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/05/07 11:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2010/05/07 11:03:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2010/05/07 11:03:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/05/07 11:03:48 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI

[2010/05/07 10:52:52 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010/05/07 10:52:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2010/05/07 10:52:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2010/05/07 10:52:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2010/05/06 20:15:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll

[2010/05/06 20:15:22 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini

[2010/05/06 20:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/06 20:13:21 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/06 20:13:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/06 16:54:47 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll

[2010/05/06 16:39:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/06 13:22:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010/05/06 10:39:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2007/03/01 15:22:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/03/01 15:22:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/01 15:22:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/03/01 15:22:53 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/03/01 15:22:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/03/01 15:22:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/01 15:22:53 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/07/04 16:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/05/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/11/24 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/06 13:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/06 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XADCHHWJYG

[2010/09/16 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/25 16:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/05/30 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Blitware

[2010/09/16 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\imeshmediabartb

[2010/07/03 17:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\MSA

[2010/05/13 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Naviextras

[2010/05/28 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape

[2010/11/24 21:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/05/06 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Uniblue

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/05/30 03:31:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)

"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)

"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)

"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)

"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)

"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)

"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)

"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Saf

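The helper reads these OTL logs by hand. As an added example that is not part of the original thread and not OTL's own code, the script below applies a few line-level triage rules to lines copied from the OTL output in this thread (a constructed sample, embedded inline so it runs offline). The rules are this editor's assumptions about what deserves a second look, not a published OTL ruleset, and every function and variable name is made up for the example: an Auto-start service whose image is missing, a ProxyServer pointing at a public address, a policies\System value with a non-standard name ending in TaskMgr, any AppInit_DLLs entry, EnableFirewall = 0, and a run of AtN.job scheduled tasks.

```python
"""Line-level triage rules for OTL (OldTimer) log output.

Added example for this thread; not OTL's code and not from the original
posts. SAMPLE holds lines copied from the logs in the thread; the rules are
the editor's own heuristics (assumptions), not a vendor ruleset.
"""
import ipaddress
import re

# Constructed sample: lines taken from the OTL.txt and Extras.txt in this thread.
SAMPLE = r"""
SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128
IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
"EnableFirewall" = 0
[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
"""

AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)            # At1.job, At17.job, ...
SRV_MISSING = re.compile(r"^SRV - File not found \[(?P<start>\w+) \|")
DRV_NO_COMPANY = re.compile(r"^DRV - \[[^\]]*\] \(\) ")           # empty "()" company field
PROXY = re.compile(r'"ProxyServer"\s*=\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?')
POLICY_TASKMGR = re.compile(
    r"policies\\System:\s*(?P<name>\S+TaskMgr)\s*=\s*(?P<val>\d+)", re.IGNORECASE)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0$')


def proxy_severity(host: str) -> str:
    """A proxy at a loopback/private address is usually local software; a
    public address set per-user is worth checking; a hostname needs a look."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "medium"
    return "low" if (ip.is_loopback or ip.is_private) else "high"


def triage(log_text: str, at_job_threshold: int = 3) -> list:
    """Return (severity, rule, line) tuples for lines matching a rule."""
    findings, at_jobs = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if AT_JOB.search(line):               # counted, reported once at the end
            at_jobs.append(line)
            continue
        m = SRV_MISSING.match(line)
        if m:                                 # only Auto-start services are interesting
            if m.group("start").lower() == "auto":
                findings.append(("high", "auto-start service with missing image", line))
            continue
        if DRV_NO_COMPANY.match(line):
            findings.append(("info", "kernel driver with no company name", line))
            continue
        m = PROXY.search(line)
        if m:
            findings.append((proxy_severity(m.group("host")), "proxy server configured", line))
            continue
        m = POLICY_TASKMGR.search(line)
        if m:                                 # the documented value name is DisableTaskMgr
            if m.group("name").lower() != "disabletaskmgr":
                findings.append(("high", "non-standard TaskMgr policy value name", line))
            elif m.group("val") != "0":
                findings.append(("medium", "Task Manager disabled by policy", line))
            continue
        if line.startswith("O20 - AppInit_DLLs:"):
            findings.append(("medium", "AppInit_DLLs injection configured", line))
            continue
        if FIREWALL_OFF.search(line):         # note: does not track which profile key it sits under
            findings.append(("medium", "Windows Firewall disabled", line))
    if len(at_jobs) >= at_job_threshold:
        findings.append(("high", f"{len(at_jobs)} AtN.job scheduled tasks", f"e.g. {at_jobs[0]}"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE)
    for sev, rule, line in results:
        print(f"[{sev:6}] {rule}: {line[:90]}")
    print(summarize(results))
```

Run as-is it prints seven findings from the sample. These are prompts for a human, not verdicts: a proxy at a public address or an AppInit_DLLs entry is normal on some managed machines, and the firewall rule cannot tell the Domain profile from the Standard profile because it sees one line at a time.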

The problem first started with Internet Explorer 8 redirecting to other websites when using Google search. Then IE8 stopped working altogether, i.e. I couldn't even open it when double-clicking the logo on the desktop. I then reverted back to an older version (IE6) but it still kept redirecting on Google searches. Now running Avira Antivirus and Malwarebytes scanners I get infected objects but can't seem to get rid of them as they keep reappearing when scanning again. Also my PC can't restart on its own; it just hangs and I have to manually power off and power on again to restart.

I also get random restarts about every 30 mins with the following error:

STOP: C000010d7 Unknown Hard Error

or

STOP: C0000f9c Unknown Hard Error

I haven't downloaded any new drivers recently, so I think it's some sort of virus.

OK, here are the logs:

OTL.txt

OTL logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

PRC - [2010/11/15 13:47:34 | 008,777,728 | ---- | M] (2Squared Software) -- C:\Program Files\RegClean\RegClean.exe

PRC - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/09 10:10:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/09/07 16:23:06 | 000,972,720 | ---- | M] (iMesh, Inc) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe

PRC - [2006/02/28 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

MOD - [2006/02/28 22:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/09 10:10:45 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/09 10:10:44 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - [2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)

DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)

DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/02/19 15:39:44 | 000,191,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/03/01 15:22:53 | 003,994,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/09/05 19:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)

DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/02/28 22:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2005/09/30 14:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/09/30 14:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/04 09:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2002/07/27 18:01:06 | 000,005,306 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.175.219.24:3128

O1 HOSTS File: ([2006/02/28 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (MB2 Toolbar) - {013a635f-e3aa-4371-b682-ece95ca974b0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()

O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (MB2 Toolbar) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - C:\Program Files\MB2\tbMB1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeo2.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-725345543-583907252-839522115-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [btTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)

O4 - HKLM..\Run: [C6501Sound] File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe (2Squared Software)

O4 - HKU\S-1-5-21-725345543-583907252-839522115-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-583907252-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: uziotlpbuqdaejyzqalcTaskMgr = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/06 00:49:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 22:40:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean

[2010/11/24 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/24 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/11/24 19:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/11/24 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/11/23 16:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/11/23 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/11/23 11:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/11/23 11:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/11/20 10:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\My Documents\Eva Letter

[2010/11/19 11:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Malwarebytes

[2010/11/19 11:25:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/19 11:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/19 11:25:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/19 11:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/19 10:36:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/11/17 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/17 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/17 15:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2010/11/17 15:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/11/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

[2010/11/17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/10/26 10:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 22:46:00 | 000,006,510 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/11/24 22:45:51 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System\C6501.ini

[2010/11/24 22:45:47 | 000,001,212 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 22:45:41 | 000,089,134 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/24 22:45:37 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/24 22:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/11/24 22:44:13 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js

[2010/11/24 22:41:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armin Mehmedagic\Desktop\OTL.exe

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/11/24 21:30:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/11/24 20:57:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/11/24 19:53:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/11/24 18:29:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Microsoft Office Word 2007.lnk

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/11/24 17:03:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI

[2010/11/24 16:56:15 | 003,913,031 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:21 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/11/23 22:15:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/23 21:22:50 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/23 18:10:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/11/23 15:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/19 11:25:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:52:07 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:27:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/17 18:36:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:30:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/15 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/10 15:01:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/09 10:10:45 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/09 10:10:45 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/07 19:30:42 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/07 19:30:41 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\Google Chrome.lnk

[2010/11/06 16:11:40 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

[2010/11/05 20:25:42 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/01 15:27:45 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 21:16:12 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job

[2010/11/24 18:57:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job

[2010/11/24 16:56:15 | 003,913,031 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\ComboFix.exe

[2010/11/24 16:54:20 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\JavaRa.zip

[2010/11/23 20:35:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010/11/23 20:35:03 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/11/23 12:11:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/23 10:44:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js

[2010/11/19 11:25:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/19 10:42:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\completescan

[2010/11/19 10:39:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\install

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/11/19 10:38:13 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/11/17 15:30:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/17 15:23:43 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/11/17 15:23:43 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/11/10 15:01:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$B701Assignment2.docx

[2010/11/10 14:59:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$. WIL 1 Assignments 210 (4).docx

[2010/11/01 15:27:45 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 20:25:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Desktop\~$Thesis.docx

[2010/07/04 16:08:48 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI

[2010/07/04 16:07:18 | 000,006,510 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI

[2010/07/04 16:07:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI

[2010/07/04 16:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI

[2010/06/22 13:52:28 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini

[2010/05/07 11:07:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/05/07 11:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2010/05/07 11:03:53 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2010/05/07 11:03:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/05/07 11:03:48 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI

[2010/05/07 10:52:52 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2010/05/07 10:52:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2010/05/07 10:52:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2010/05/07 10:52:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2010/05/06 20:15:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\c6501rm.dll

[2010/05/06 20:15:22 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini

[2010/05/06 20:13:24 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2010/05/06 20:13:21 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2010/05/06 20:13:10 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2010/05/06 16:54:47 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll

[2010/05/06 16:39:29 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Armin Mehmedagic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/06 13:22:03 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI

[2010/05/06 10:39:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll

[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys

[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll

[2007/03/01 15:22:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/03/01 15:22:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/01 15:22:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/03/01 15:22:53 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/03/01 15:22:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/03/01 15:22:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/03/01 15:22:53 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/07/04 16:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2010/05/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010/11/24 21:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft

[2010/11/24 20:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/05/06 13:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/06 16:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XADCHHWJYG

[2010/09/16 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/10/25 16:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/05/30 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Blitware

[2010/09/16 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\imeshmediabartb

[2010/07/03 17:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\MSA

[2010/05/13 10:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Naviextras

[2010/05/28 07:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape

[2010/11/24 21:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\RegClean

[2010/11/24 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Registry Mechanic

[2010/05/06 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armin Mehmedagic\Application Data\Uniblue

[2010/11/23 10:23:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/24 10:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/11/24 09:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/11/24 12:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/11/24 11:44:18 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/11/23 14:44:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/11/23 16:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/11/24 13:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/11/24 18:44:19 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/11/24 20:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/11/23 15:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/24 22:44:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/11/24 21:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/11/24 17:44:03 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/11/24 19:44:04 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/23 23:44:05 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/11/19 10:38:14 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/05/30 03:31:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

[2010/11/24 22:45:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Scheduled Scan.job

[2010/11/24 19:00:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2010/11/24 21:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 24/11/2010 10:47:02 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Armin Mehmedagic\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 372.60 Gb Total Space | 287.70 Gb Free Space | 77.21% Space Free | Partition Type: NTFS

Computer Name: ARMIN | User Name: Armin Mehmedagic | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)

"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)

"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)

"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)

"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)

"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)

"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)

"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)

"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Saf


Quite some malware showing up here, and based on the way your log got cut off, I suspect a rootkit as well.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix 10-11-23.04 - Armin Mehmedagic 24/11/2010 23:38:43.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1475 [GMT 10:00]

Running from: c:\documents and settings\Armin Mehmedagic\My Documents\Downloads\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Armin Mehmedagic\Application Data\completescan

c:\documents and settings\Armin Mehmedagic\Application Data\install

c:\documents and settings\Armin Mehmedagic\Application Data\MSA

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))

.

2010-11-24 13:30 . 2010-11-24 13:30 -------- d-----w- C:\32788R22FWJFW

2010-11-24 11:23 . 2010-11-24 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft

2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\RegClean

2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\program files\RegClean

2010-11-24 10:52 . 2010-11-24 10:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-24 09:00 . 2010-11-24 09:00 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Registry Mechanic

2010-11-23 10:35 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-11-23 10:35 . 2006-02-28 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll

2010-11-23 06:05 . 2010-11-23 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-11-19 01:26 . 2010-11-19 01:26 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Malwarebytes

2010-11-19 01:25 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-19 01:25 . 2010-11-19 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-19 01:25 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-19 01:25 . 2010-11-19 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iPod

2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iTunes

2010-11-17 05:28 . 2010-11-17 05:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2010-11-17 05:23 . 2010-11-17 05:23 -------- d-----w- c:\program files\Safari

2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\program files\ConduitEngine

2010-11-17 02:55 . 2010-11-17 02:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-06 01:37 . 2010-11-06 01:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2010-10-26 00:10 . 2010-10-26 00:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-09 00:10 . 2010-05-06 04:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-09 00:10 . 2010-05-06 04:53 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-28 05:44 . 2010-09-16 05:53 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-28 05:44 . 2010-09-16 05:53 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-28 06:58 . 2006-02-28 12:00 199168 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-28 06:58 . 2010-08-28 06:58 744960 ----a-w- c:\windows\system32\IR41_32.DLL

.

------- Sigcheck -------

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe

[7] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

[-] 2006-02-28 . B9DB64330AA75F0D65584043EB71392D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe

[-] 2006-02-28 . 0D7A327D55EE730503BC54E70CD912D4 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe

c:\windows\System32\spoolsv.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}]

2010-09-25 01:34 2735200 ----a-w- c:\program files\MB2\tbMB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]

2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]

2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\Veoh_Web_Player\tbVeo2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

"{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]

"Octoshape Streaming Services"="c:\documents and settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

"RegClean"="c:\program files\RegClean\RegClean.exe" [2010-11-15 8777728]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-01 7700480]

"nwiz"="nwiz.exe" [2007-03-01 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-01 86016]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2010-04-27 319574]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"uziotlpbuqdaejyzqalcTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

2007-02-01 08:49 2154496 ----a-w- c:\program files\XpertVision\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

2003-08-19 14:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Armin Mehmedagic\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/04/2010 6:32 PM 20104]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/05/2010 2:53 PM 135336]

R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/04/2010 10:43 AM 147563]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [6/04/2010 6:32 PM 25992]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [6/04/2010 6:32 PM 22024]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/04/2010 6:33 PM 25864]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/04/2010 6:32 PM 23048]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2010 10:43 PM 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 4:28 AM 4639136]

.

Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

2010-05-29 c:\windows\Tasks\Driver Robot.job

- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-06 07:29]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15]

2010-11-24 c:\windows\Tasks\RegClean Scheduled Scan.job

- c:\program files\RegClean\RegClean.exe [2010-11-15 03:47]

2010-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 05:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 213.175.219.24:3128

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

HKLM-Run-C6501Sound - c6501.cpl

AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\docume~1\ARMINM~1\LOCALS~1\Temp\Rar$EX00.421\MustBeRandomlyNamed\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-24 23:48

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD400LJ rev.ZZ100-15 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D36446]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d3c504]; MOV EAX, [0x89d3c580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x89D4CAB8]

3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\0000006d[0x89CEEAC0]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x89D4C030]

\Driver\nvata[0x89CEDF38] -> IRP_MJ_CREATE -> 0x89D36446

error: Read Incorrect function.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\0000006c -> \??\IDE#DiskSAMSUNG_HD400LJ_________________________ZZ100-15#30533248314A504E303234303932202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3880)

c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-11-24 23:55:55 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-24 13:55

Pre-Run: 308,816,961,536 bytes free

Post-Run: 311,002,247,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 57A5B0913818B463F6EB19D1D1F99B2F

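As an added example (not ComboFix's code, and not part of the original posts), here is a small Python triage script that pulls out of a pasted ComboFix log the findings this thread turns on: the Sigcheck entries ComboFix could not verify (the `[-]` marker is read here as "unverified" and `[7]` as catalog-verified, which is an assumption about the log format), the "is infected" and "is missing" system binaries, the block of `At*.job` tasks, the non-standard value under `policies\system`, `EnableFirewall = 0`, the user proxy, and the TDL3 warning from the MBR check. The sample lines are copied from the log above and embedded so the script runs offline; the finding names are my own.

```python
"""Triage a pasted ComboFix log for the indicators this thread acts on.

Added example, not ComboFix's own code: it scans the log text and returns
the findings a helper reads the log for, so they are not lost in the noise.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log above, in log order.
SAMPLE_LOG = r"""
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\system32\winlogon.exe . . . is infected!!
------- Sigcheck -------
[7] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2006-02-28 . B9DB64330AA75F0D65584043EB71392D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
c:\windows\System32\spoolsv.exe ... is missing !!
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"uziotlpbuqdaejyzqalcTaskMgr"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = 213.175.219.24:3128
Warning: possible TDL3 rootkit infection !
"""

# Sigcheck line layout: [flag] date . MD5 . size . . [version] . . path
# Assumption about the flag: "[7]" marks a copy ComboFix verified against the
# Microsoft catalog, "[-]" one it could not verify (the two "[-]" system
# binaries in this log are the ones it separately reports as infected).
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
AT_JOB_RE = re.compile(r"^c:\\windows\\tasks\\at\d+\.job$", re.IGNORECASE)
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+\.\s+\.\s+\.\s+is infected!!")
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\.\.\.\s+is missing !!")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
POLICY_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\policies\\system\]$", re.IGNORECASE)
POLICY_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=')
TDL_RE = re.compile(r"possible TDL\d rootkit infection", re.IGNORECASE)

# Documented value names under policies\system; anything else there is odd.
DOCUMENTED_POLICY_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCAD"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the findings in the order they appear in the log."""
    findings: List[Dict[str, str]] = []
    at_jobs = 0
    in_policy_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # Either a registry key header (which ends any policies\system
            # block we were in) or a Sigcheck entry.
            in_policy_key = bool(POLICY_KEY_RE.match(line))
            m = SIGCHECK_RE.match(line)
            if m and m.group("flag") != "7":
                findings.append({"kind": "unverified_binary",
                                 "path": m.group("path"),
                                 "md5": m.group("md5").upper()})
            continue
        if in_policy_key:
            v = POLICY_VALUE_RE.match(line)
            if v:
                name = v.group("name")
                kind = "policy_value" if name in DOCUMENTED_POLICY_VALUES else "odd_policy_value"
                findings.append({"kind": kind, "name": name})
            continue
        if AT_JOB_RE.match(line):
            at_jobs += 1  # At*.job tasks are counted, not listed one by one
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append({"kind": "infected_binary", "path": m.group("path")})
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append({"kind": "missing_binary", "path": m.group("path")})
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append({"kind": "proxy_set", "proxy": m.group("proxy")})
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append({"kind": "firewall_disabled"})
            continue
        if TDL_RE.search(line):
            findings.append({"kind": "mbr_rootkit_warning", "detail": line})
    if at_jobs:
        findings.append({"kind": "at_jobs", "count": str(at_jobs)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a full saved C:\ComboFix.txt by passing the file's text to `triage()`; the `[-]` entries for the SoftwareDistribution\Download copies will show up too, which is expected and only means they were not catalog-verified, not that they are bad.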

We still have a lot of work to do here. Do you have an XP CD at hand we can use to copy some files from (if not, no problem, but it's simpler if you have one).

Since there is indeed a rootkit present, see here first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

First of all, let's get rid of some bad stuff

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

FCopy::
c:\windows\system32\dllcache\spoolsv.exe | c:\windows\system32\spoolsv.exe

DDS::
uInternet Settings,ProxyServer = 213.175.219.24:3128

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

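The FCopy:: line above restores the missing spoolsv.exe from the dllcache copy. What makes that a safe source is the Sigcheck section, which lists the dllcache copy as catalog-verified ([7], MD5 7435B108B935E42EA92CA94F59C8E717); the same malware that removed the original could just as well have replaced the cache, so the reference hash, not the location, is what to trust. As an added example, not ComboFix's own logic and not from the original post, the Python below parses the two CFScript directives used in this thread (treating every line ending in `::` as a section header is an assumption about the format) and performs the copy only if the source hashes to the reference MD5. The self-check runs on constructed files in a temporary directory, using MD5("abc") from RFC 1321 as its reference, so it never touches a real system file.

```python
"""Verify a replacement binary against its reference MD5 before using it to
restore a missing system file, as the FCopy:: step does with the dllcache
copy of spoolsv.exe.

Added example, not ComboFix's own logic: ComboFix's FCopy:: copies without a
check; this wrapper parses the same CFScript directives and refuses the copy
unless the source hashes to the value Sigcheck listed for the verified copy.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Dict, List, Tuple

# MD5 of the catalog-verified dllcache spoolsv.exe, from the Sigcheck section above.
EXPECTED_MD5 = {"spoolsv.exe": "7435B108B935E42EA92CA94F59C8E717"}
# MD5("abc"), the RFC 1321 test vector, used only for the constructed self-check file.
TEST_MD5 = "900150983CD24FB0D6963F7D28E17F72"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its directive sections ('FCopy::', 'DDS::', ...).

    Assumption: every line ending in '::' opens a section and the lines that
    follow belong to it, which is how the two directives in this thread read.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def fcopy_pairs(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """FCopy:: entries are written 'source | destination'."""
    pairs = []
    for entry in sections.get("FCopy", []):
        src, _, dst = entry.partition("|")
        pairs.append((src.strip(), dst.strip()))
    return pairs


def md5_of(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def restore_from_cache(src: Path, dst: Path, expected_md5: str) -> str:
    """Copy src over dst only if src hashes to expected_md5; return the hash.

    A dllcache copy can be replaced by the same malware that removed the
    original, so the reference hash, not the location, decides trust.
    """
    actual = md5_of(src)
    if actual != expected_md5.upper():
        raise ValueError(f"{src} hashes to {actual}, expected {expected_md5}; refusing to copy")
    shutil.copy2(src, dst)
    return actual


def self_check() -> Dict[str, str]:
    """Exercise the check on constructed files in a temp dir; touches no system file."""
    out: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / "dllcache"
        cache.mkdir()
        good = cache / "spoolsv.exe"          # stands in for the verified copy
        good.write_bytes(b"abc")
        bad = cache / "spoolsv_tampered.exe"  # stands in for a replaced copy
        bad.write_bytes(b"abd")
        target = Path(tmp) / "spoolsv.exe"    # stands in for the missing system32 file
        out["good"] = restore_from_cache(good, target, TEST_MD5)
        out["restored"] = "yes" if target.read_bytes() == b"abc" else "no"
        try:
            restore_from_cache(bad, target, TEST_MD5)
            out["tampered"] = "copied"
        except ValueError:
            out["tampered"] = "refused"
    return out


if __name__ == "__main__":
    # The script from this thread, as it would be saved in CFScript.txt.
    script = ("FCopy::\nc:\\windows\\system32\\dllcache\\spoolsv.exe | c:\\windows\\system32\\spoolsv.exe\n\n"
              "DDS::\nuInternet Settings,ProxyServer = 213.175.219.24:3128\n")
    for src, dst in fcopy_pairs(parse_cfscript(script)):
        ref = EXPECTED_MD5[PureWindowsPath(src).name]
        print(f"would verify {src} against {ref} before copying to {dst}")
    print(self_check())
```

On the infected machine itself the copy would be done with `restore_from_cache(Path(src), Path(dst), ref)` for each pair; the point of the wrapper is that a cache file that no longer hashes to the Sigcheck value is refused rather than silently installed as the new spoolsv.exe.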

2010/11/25 00:33:16.0656 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/25 00:33:16.0656 ================================================================================

2010/11/25 00:33:16.0656 SystemInfo:

2010/11/25 00:33:16.0656

2010/11/25 00:33:16.0656 OS Version: 5.1.2600 ServicePack: 2.0

2010/11/25 00:33:16.0656 Product type: Workstation

2010/11/25 00:33:16.0656 ComputerName: ARMIN

2010/11/25 00:33:16.0656 UserName: Armin Mehmedagic

2010/11/25 00:33:16.0656 Windows directory: C:\WINDOWS

2010/11/25 00:33:16.0656 System windows directory: C:\WINDOWS

2010/11/25 00:33:16.0656 Processor architecture: Intel x86

2010/11/25 00:33:16.0656 Number of processors: 2

2010/11/25 00:33:16.0656 Page size: 0x1000

2010/11/25 00:33:16.0656 Boot type: Normal boot

2010/11/25 00:33:16.0656 ================================================================================

2010/11/25 00:33:16.0812 Initialize success

2010/11/25 00:33:48.0390 ================================================================================

2010/11/25 00:33:48.0390 Scan started

2010/11/25 00:33:48.0390 Mode: Manual;

2010/11/25 00:33:48.0390 ================================================================================

2010/11/25 00:33:48.0718 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/25 00:33:48.0765 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/25 00:33:48.0812 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2010/11/25 00:33:48.0875 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/11/25 00:33:48.0968 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2010/11/25 00:33:49.0015 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/25 00:33:49.0078 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/25 00:33:49.0093 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/25 00:33:49.0125 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/25 00:33:49.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/25 00:33:49.0265 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/11/25 00:33:49.0281 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/11/25 00:33:49.0312 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/11/25 00:33:49.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/25 00:33:49.0390 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

2010/11/25 00:33:49.0453 BT (43467de7db414ac70a88fc2fa0916ef3) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

2010/11/25 00:33:49.0500 BTCOM (104e517bfdb88ee3ce5923014314619d) C:\WINDOWS\system32\DRIVERS\btcomport.sys

2010/11/25 00:33:49.0515 BTCOMBUS (dd61debced7e62410559d9b1fe44a728) C:\WINDOWS\system32\Drivers\btcombus.sys

2010/11/25 00:33:49.0562 Btcsrusb (bfe17144f1d6822b11b0883d83c209f1) C:\WINDOWS\system32\Drivers\btcusb.sys

2010/11/25 00:33:49.0578 BtHidBus (da9e15e55c33392d7dfd7f21116214be) C:\WINDOWS\system32\Drivers\BtHidBus.sys

2010/11/25 00:33:49.0609 btnetBUs (7bb8ac22bc9e6a1e7707daecada95cd9) C:\WINDOWS\system32\Drivers\btnetBus.sys

2010/11/25 00:33:49.0640 Cardex (175418424b0973ae9004257ebc60431c) C:\WINDOWS\system32\drivers\TBPANEL.SYS

2010/11/25 00:33:49.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/25 00:33:49.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/25 00:33:49.0750 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/25 00:33:49.0796 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/25 00:33:49.0890 cm102u32 (59e789cd92a1c8a5075f9bafd454a2e0) C:\WINDOWS\system32\drivers\c6501.sys

2010/11/25 00:33:50.0015 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/25 00:33:50.0062 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/25 00:33:50.0109 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/25 00:33:50.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/25 00:33:50.0171 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/25 00:33:50.0234 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/25 00:33:50.0250 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/25 00:33:50.0281 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/25 00:33:50.0296 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/25 00:33:50.0312 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/25 00:33:50.0359 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/11/25 00:33:50.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/25 00:33:50.0406 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/25 00:33:50.0453 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/11/25 00:33:50.0468 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/25 00:33:50.0546 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/25 00:33:50.0609 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/25 00:33:50.0640 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/25 00:33:50.0703 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/11/25 00:33:50.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/25 00:33:50.0750 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/25 00:33:50.0781 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/25 00:33:50.0796 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/25 00:33:54.0265 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/25 00:33:54.0265 ================================================================================

2010/11/25 00:33:54.0265 Scan finished

2010/11/25 00:33:54.0265 ================================================================================

2010/11/25 00:33:54.0265 Detected object count: 1

2010/11/25 00:34:20.0562 \HardDisk0 - will be cured after reboot

2010/11/25 00:34:20.0562 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/11/25 00:34:29.0359 Deinitialize success

ComboFix

ComboFix 10-11-23.04 - Armin Mehmedagic 25/11/2010 0:59.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1626 [GMT 10:00]

Running from: c:\documents and settings\Armin Mehmedagic\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Armin Mehmedagic\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

--------------- FCopy ---------------

c:\windows\system32\dllcache\spoolsv.exe --> c:\windows\system32\spoolsv.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))

.

2010-11-24 14:59 . 2006-02-28 12:00 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe

2010-11-24 14:59 . 2006-02-28 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe

2010-11-24 11:23 . 2010-11-24 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft

2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\RegClean

2010-11-24 11:16 . 2010-11-24 11:16 -------- d-----w- c:\program files\RegClean

2010-11-24 10:52 . 2010-11-24 10:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-24 09:00 . 2010-11-24 09:00 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Registry Mechanic

2010-11-23 10:35 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-11-23 10:35 . 2006-02-28 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll

2010-11-23 06:05 . 2010-11-23 06:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-11-19 01:26 . 2010-11-19 01:26 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Application Data\Malwarebytes

2010-11-19 01:25 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-19 01:25 . 2010-11-19 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-19 01:25 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-19 01:25 . 2010-11-19 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iPod

2010-11-17 05:30 . 2010-11-17 05:30 -------- d-----w- c:\program files\iTunes

2010-11-17 05:28 . 2010-11-17 05:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2010-11-17 05:23 . 2010-11-17 05:23 -------- d-----w- c:\program files\Safari

2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\ConduitEngine

2010-11-17 02:55 . 2010-11-17 02:55 -------- d-----w- c:\program files\ConduitEngine

2010-11-17 02:55 . 2010-11-17 02:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-06 01:37 . 2010-11-06 01:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2010-11-01 05:27 . 2010-11-01 05:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2010-10-26 00:10 . 2010-10-26 00:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-09 00:10 . 2010-05-06 04:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-09 00:10 . 2010-05-06 04:53 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-28 05:44 . 2010-09-16 05:53 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-28 05:44 . 2010-09-16 05:53 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-08 01:17 . 2010-09-08 01:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 01:17 . 2010-09-08 01:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-28 06:58 . 2006-02-28 12:00 199168 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-28 06:58 . 2010-08-28 06:58 744960 ----a-w- c:\windows\system32\IR41_32.DLL

.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

[-] 2006-02-28 . B9DB64330AA75F0D65584043EB71392D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe

[-] 2006-02-28 . 0D7A327D55EE730503BC54E70CD912D4 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-11-24_13.49.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-24 14:58 . 2010-11-24 14:58 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}]

2010-09-25 01:34 2735200 ----a-w- c:\program files\MB2\tbMB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]

2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]

2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\Veoh_Web_Player\tbVeo2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]

[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeo2.dll" [2010-10-18 3908192]

"{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB1.dll" [2010-09-25 2735200]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]

[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-06 136176]

"Octoshape Streaming Services"="c:\documents and settings\Armin Mehmedagic\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

"RegClean"="c:\program files\RegClean\RegClean.exe" [2010-11-15 8777728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-01 7700480]

"nwiz"="nwiz.exe" [2007-03-01 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-01 86016]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2010-04-27 319574]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"uziotlpbuqdaejyzqalcTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

2007-02-01 08:49 2154496 ----a-w- c:\program files\XpertVision\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

2003-08-19 14:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Armin Mehmedagic\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/04/2010 6:32 PM 20104]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/05/2010 2:53 PM 135336]

R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/04/2010 10:43 AM 147563]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [6/04/2010 6:32 PM 25992]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [6/04/2010 6:32 PM 22024]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/04/2010 6:33 PM 25864]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/04/2010 6:32 PM 23048]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2010 10:43 PM 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 4:28 AM 4639136]

.

Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

2010-05-29 c:\windows\Tasks\Driver Robot.job

- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-06 07:29]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 12:43]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004Core.job

- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-583907252-839522115-1004UA.job

- c:\documents and settings\Armin Mehmedagic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 07:15]

2010-11-24 c:\windows\Tasks\RegClean Scheduled Scan.job

- c:\program files\RegClean\RegClean.exe [2010-11-15 03:47]

2010-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 05:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-25 01:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2010-11-25 01:08:47

ComboFix-quarantined-files.txt 2010-11-24 15:08

ComboFix2.txt 2010-11-24 13:55

Pre-Run: 310,969,704,448 bytes free

Post-Run: 310,965,313,536 bytes free

- - End Of File - - 8C038E3403EE76935F7450776DE84880

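As an added example (not ComboFix's code and not part of the original post), a small Python parser for the three parts of the ComboFix log above that drive the rest of this thread: the "is infected!!" lines under Other Deletions, the TDL4 bootkit line, and the Sigcheck hashes. It also checks whether any other copy of an infected file with the same file version exists on disk to restore from; the sample log is copied from the post above, and nothing else is assumed.

```python
"""Parse the parts of a ComboFix log that drive a file-infector clean-up.

Added example for this thread, not ComboFix's own code. SAMPLE_LOG is copied
from the log posted above; no other data is assumed.
"""
import re
from dataclasses import dataclass

# Sigcheck line: "[-] 2006-02-28 . <MD5> . <size> . . [<version>] . . <path>"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# "Other Deletions" line: "<path> . . . is infected!!"
INFECTED_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\s+\.\s+\.\s+is infected!!\s*$")
# Bootkit line: "\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected"
BOOTKIT_RE = re.compile(
    r"^(?P<device>\\\\\.\\\S+)\s+-\s+(?P<detail>.*bootkit.*)$", re.IGNORECASE
)

# Copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
------- Sigcheck -------
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2006-02-28 . B9DB64330AA75F0D65584043EB71392D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2006-02-28 . 0D7A327D55EE730503BC54E70CD912D4 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
"""


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str      # marker ComboFix prints in brackets ("-" on every entry above)
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_combofix(text: str) -> dict:
    """Return infected paths, bootkit findings and Sigcheck entries from a log."""
    report = {"infected": [], "bootkit": [], "sigcheck": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            report["infected"].append(m["path"].lower())
            continue
        m = BOOTKIT_RE.match(line)
        if m:
            report["bootkit"].append((m["device"], m["detail"]))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            report["sigcheck"].append(SigcheckEntry(
                m["flag"], m["date"], m["md5"].upper(), int(m["size"]),
                m["version"], m["path"].lower()))
    return report


def replacement_candidates(report: dict) -> dict:
    """For every infected file, list other Sigcheck copies with the same name
    AND the same file version. Same version matters: the staged SP3 copies
    (x.5512) under SoftwareDistribution are not drop-in replacements for the
    SP2 (x.2180) binaries, which is why the thread falls back to the XP CD."""
    by_path = {e.path: e for e in report["sigcheck"]}
    out = {}
    for path in report["infected"]:
        victim = by_path.get(path)
        out[path] = [] if victim is None else [
            e.path for e in report["sigcheck"]
            if e.name == victim.name and e.version == victim.version
            and e.path != victim.path
        ]
    return out


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    for path in rep["infected"]:
        print(f"infected: {path}; same-version copies: {replacement_candidates(rep)[path]}")
    for device, detail in rep["bootkit"]:
        print(f"bootkit: {device}: {detail}")
```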

Time to tackle the Bamital infection. -_-

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC.
    • As soon as you get an image, press the Setup key. This is usually F2 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and Tab key to move between elements. Press Enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order. If the CD drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP CD. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When prompted to choose a Windows installation, type 1 and press Enter.
  • When you are prompted, type the Administrator password. If the Administrator password is blank, just press ENTER.
  • A command prompt will open.

Type the following lines in the given order and press enter after each line (if your CD drive is not D, change d:\ in the lines below to the appropriate drive letter. You can find the drive letter by typing MAP and pressing enter).

ren explorer.exe explorer.vir

expand d:\i386\explorer.ex_ explorer.exe <-- you should now see, 1 file(s) expanded.

cd system32

ren winlogon.exe winlogon.vir

expand d:\i386\winlogon.ex_ winlogon.exe <-- you should now see, 1 file(s) expanded.

exit

When done, rerun Combofix and post me the new log.


Ok, that last step did not work well at all.

In the recovery console none of the files were expanded. All I got was this:

Unable to create file explorer.exe

0 file(s) expanded

Unable to create file winlogon.exe

0 file(s) expanded

Then when I exited the recovery console and tried to restart the PC I got the following error:

STOP: c000021a {Fatal System Error}

The Windows Logon Process System process terminated unexpectedly with a status of 0x0000034 (0x00000000 0x00000000).

The system has been shutdown.


Reboot in the recovery console and type the following:

set allowremovablemedia = true

set allowallpaths = true

expand d:\i386\explorer.ex_ explorer.exe

cd system32

expand d:\i386\winlogon.ex_ winlogon.exe

ONLY if these commands did not work, type the following lines and press enter after each.

cd c:\windows

ren explorer.vir explorer.exe

cd system32

ren winlogon.vir winlogon.exe

You should now be able to boot normally.


No problem, that is okay. -_-

Assuming that your CD drive is D, please do the following:

Click Start > Run, type cmd and press enter.

At the command prompt, copy and paste the following lines (one at a time). To paste at the command prompt, right-click and select Paste.

expand d:\i386\explorer.ex_ c:\explorer.exe

expand d:\i386\winlogon.ex_ c:\winlogon.exe

If both lines give 1 file(s) expanded, rerun ComboFix and post me the new log.
