
IP Block-o-rama



Hello! I'm constantly having these two IP addresses blocked. Can you help? THANKS!

Copied and pasted malware log below, followed by DDS log. attach.txt and ark.txt are attached as attach.zip.

08:56:39 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

08:56:42 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

08:56:48 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

08:58:45 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

08:58:48 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

08:58:54 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:53:15 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:53:18 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:53:24 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:53:48 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:53:51 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:53:55 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:53:57 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:53:58 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:54:04 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:56:00 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:56:03 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:56:09 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

09:57:06 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:57:08 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:57:14 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:57:31 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:57:34 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

09:57:40 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:00:45 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:00:48 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:00:54 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:01:39 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:01:42 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:01:48 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:02:14 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:02:17 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:02:23 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:02:43 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:02:46 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:02:52 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:03:04 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:03:07 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:03:13 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:03:47 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:03:50 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:03:56 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:05:44 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:05:47 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:05:54 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:07:36 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:07:39 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:07:45 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:12:45 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:12:47 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:12:54 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:15:16 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:15:19 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:15:25 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:16:42 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:16:45 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:16:51 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:19:06 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:19:09 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:19:15 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:22:04 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:22:07 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:22:13 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:32:22 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:32:25 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:32:31 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:33:00 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:33:03 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:33:09 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:43:20 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:43:23 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:43:29 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:45:54 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:45:56 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:46:03 Owner IP-BLOCK 212.117.174.97 (Type: outgoing)

10:46:18 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:46:21 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:46:27 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:47:30 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:47:33 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:47:39 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:51:52 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:51:55 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:52:01 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:53:36 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:53:39 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

10:53:45 Owner IP-BLOCK 94.228.209.142 (Type: outgoing)

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 20:08:45.03 on Sun 01/02/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.609 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sonic RecordNow!]

uRun: [dbNetcdrom] rundll32.exe "c:\documents and settings\owner\local settings\application data\wdnetctrl\dbNetcdrom.dll",WdPathCmds rasCommsdll32

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-8-2 16384]

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2010-6-4 10240]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-2 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-2 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-2 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-2 61960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-2 363344]

R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-8-2 105472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-2 20952]

R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-8-2 15488]

R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-8-2 15232]

=============== Created Last 30 ================

2011-01-02 18:10:23 -------- d-----w- c:\windows\system32\NtmsData

2011-01-02 18:09:45 -------- d-----w- c:\docume~1\owner\applic~1\Avira

2011-01-02 18:02:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-02 18:02:46 -------- d-----w- c:\program files\Avira

2011-01-02 18:02:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-22 22:01:06 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WdNetCtrl

2010-12-15 10:01:40 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 10:01:10 45568 -c----w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-12-30 21:45:28 32 ----a-w- c:\windows\system32\msvcsv60.dll

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-11 01:46:30 1080 ----a-w- c:\windows\AUTOLNCH.REG

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 20:09:48.35 ===============


Hello snacksmusic! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

  • Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files


Hey Borislav. Thanks a ton for the help...

OTL.txt

OTL logfile created on: 1/5/2011 7:51:15 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 639.00 Mb Available Physical Memory | 63.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 59.86 Gb Free Space | 40.17% Space Free | Partition Type: NTFS

Drive F: | 279.46 Gb Total Space | 48.11 Gb Free Space | 17.22% Space Free | Partition Type: NTFS

Drive G: | 465.76 Gb Total Space | 365.40 Gb Free Space | 78.45% Space Free | Partition Type: NTFS

Computer Name: ORAC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)

SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (MBX2MIDK) -- C:\WINDOWS\system32\drivers\mbx2midk.sys (Digidesign, A Division of Avid Technology, Inc.)

DRV - (MBX2DFU) -- C:\WINDOWS\system32\drivers\mbx2dfu.sys (Digidesign, A Division of Avid Technology, Inc.)

DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)

DRV - (dalwdmservice) -- C:\WINDOWS\system32\drivers\Dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)

DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)

DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)

DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)

DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/29 01:43:21 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [dbNetcdrom] File not found

O4 - HKCU..\Run: [sonic RecordNow!] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/02 10:56:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{cd718a46-c7f2-11df-8de2-000f1f4c8233}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe -- File not found

O33 - MountPoints2\{cd718a46-c7f2-11df-8de2-000f1f4c8233}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/05 19:45:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/01/05 02:25:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011/01/04 18:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Carp Journal Photos

[2011/01/03 22:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Carp Journal

[2011/01/02 20:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2011/01/02 18:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira

[2011/01/02 14:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2011/01/02 13:10:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/01/02 13:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira

[2011/01/02 13:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/01/02 13:02:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/01/02 13:02:47 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/01/02 13:02:47 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/01/02 13:02:47 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2011/01/02 13:02:47 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2011/01/02 13:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/01/02 13:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/12/22 17:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WdNetCtrl

[2010/12/15 05:01:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010/12/15 05:01:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/05 19:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/01/05 14:03:09 | 000,127,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wiggins Travelers.pdf

[2011/01/05 14:01:13 | 000,217,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wiggins Cancel.pdf

[2011/01/05 13:57:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG

[2011/01/05 13:36:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/05 11:27:56 | 000,005,145 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip

[2011/01/05 03:33:38 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Outlook.job

[2011/01/05 03:33:17 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack MyDocs.job

[2011/01/05 03:32:05 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack ProTools.job

[2011/01/05 03:30:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack ProTools and MyDocs.job

[2011/01/05 02:16:46 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/04 23:38:14 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss

[2011/01/04 23:38:14 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll

[2011/01/04 23:38:14 | 000,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat

[2011/01/02 20:12:11 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\i3l2ypy9.exe

[2011/01/02 20:08:32 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr

[2011/01/02 20:04:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/01/02 20:03:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe

[2011/01/02 13:03:08 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/12/23 13:16:39 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XMas Menu.doc

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/20 00:10:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/16 03:22:39 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/16 03:06:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 14:03:07 | 000,127,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Wiggins Travelers.pdf

[2011/01/05 14:01:05 | 000,217,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Wiggins Cancel.pdf

[2011/01/05 11:27:33 | 000,005,145 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip

[2011/01/02 20:12:10 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\i3l2ypy9.exe

[2011/01/02 20:08:30 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr

[2011/01/02 20:04:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2011/01/02 20:03:54 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe

[2011/01/02 13:03:08 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2010/12/20 15:18:19 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XMas Menu.doc

[2010/07/06 14:18:58 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll

[2009/10/28 13:40:33 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ceme11.dll

[2009/08/17 23:50:10 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009/08/16 18:33:02 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/14 22:21:41 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

[2009/08/14 22:21:40 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[2009/08/03 21:42:25 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll

[2009/08/02 23:41:00 | 000,013,087 | ---- | C] () -- C:\Program Files\INSTALL.LOG

[2009/08/02 06:33:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2009/08/02 23:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2009/08/04 00:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2009/08/03 10:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/09/24 10:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CVS

[2011/01/05 02:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digidesign

[2010/03/30 11:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2009/08/18 08:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2009/08/02 23:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy

[2009/08/18 19:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software

[2009/08/03 21:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Waves Audio

[2011/01/05 03:33:17 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack MyDocs.job

[2011/01/05 03:33:38 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Outlook.job

[2011/01/05 03:30:06 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack ProTools and MyDocs.job

[2011/01/05 03:32:05 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack ProTools.job

========== Purity Check ==========

< End of report >

Extras.txt:

OTL Extras logfile created on: 1/5/2011 7:51:16 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 639.00 Mb Available Physical Memory | 63.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 59.86 Gb Free Space | 40.17% Space Free | Partition Type: NTFS

Drive F: | 279.46 Gb Total Space | 48.11 Gb Free Space | 17.22% Space Free | Partition Type: NTFS

Drive G: | 465.76 Gb Total Space | 365.40 Gb Free Space | 78.45% Space Free | Partition Type: NTFS

Computer Name: ORAC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\FTP Commander\Ftpcomm.exe" = C:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- (Internetsoft Corp)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" = C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe:*:Disabled:test1 Module -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Disabled:Roxio Upnp Service -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{035715B2-5E3F-434B-A9AD-0233598D4127}" = SampleTank 2 SE

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8

"{2C55CDB9-F61C-4C8B-8495-9CF88DEE6931}" = T-RackS EQ

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{47793F43-C76B-41F8-BF0B-6D75F281C322}" = MelodyneUno 1.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{8569E867-DFF0-4E10-B744-9009AFCB0780}" = AmpliTube LE

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8BE47CAE-466C-4A12-AA62-3E3A1762DE87}" = Digidesign Pro Tools LE 7.0

"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS

"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3

"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39

"Antares AVOX Vocal Kit Bundle RTAS v1.02" = Antares AVOX Vocal Kit Bundle RTAS v1.02

"Antares Tube v1.02 RTAS" = Antares Tube v1.02 RTAS

"ASAPI Update" = ASAPI Update

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DigiDesign Focusrite D2 1.71.345" = DigiDesign Focusrite D2 1.71.345

"DigiDesign Focusrite D3 AudioSuite 1.51.345" = DigiDesign Focusrite D3 AudioSuite 1.51.345

"ENTERPRISER" = Microsoft Office Enterprise 2007

"FTP Commander" = FTP Commander

"HP PrecisionScan LTX" = HP PrecisionScan LTX

"ie8" = Windows Internet Explorer 8

"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Macromedia Dreamweaver 3" = Macromedia Dreamweaver 3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Native Instruments Absynth 4" = Native Instruments Absynth 4

"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS

"Reason_is1" = Reason 3.0

"ReCycle 2.0" = ReCycle 2.0

"Sony Inflator RTAS v1.0" = Sony Inflator RTAS v1.0

"Steinberg WaveLab v4.00c" = Steinberg WaveLab v4.00c

"SyncBack_is1" = SyncBack

"Waves Diamond Bundle 4.05" = Waves Diamond Bundle 4.05

"Waves Musicians Bundle v5.0" = Waves Musicians Bundle v5.0

"Waves Renaissance Collection 2 3.5" = Waves Renaissance Collection 2 3.5

"Waves SSL Collection v1.2" = Waves SSL Collection v1.2

"Waves Transform Bundle v5.0" = Waves Transform Bundle v5.0

"Waves Vocal Bundle v1.1" = Waves Vocal Bundle v1.1

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/23/2010 4:35:41 PM | Computer Name = ORAC | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 8/10/2010 11:33:10 AM | Computer Name = ORAC | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2010 2:15:18 AM | Computer Name = ORAC | Source = Application Error | ID = 1000

Description = Faulting application QuickTimePlayer.exe, version 7.62.14.0, faulting

module QuickTimePlayer.exe, version 7.62.14.0, fault address 0x0000130d.

Error - 10/23/2010 1:15:33 AM | Computer Name = ORAC | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2010 3:47:12 PM | Computer Name = ORAC | Source = Application Hang | ID = 1002

Description = Hanging application ProToolsLE.exe, version 7.0.0.171, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2010 7:03:32 PM | Computer Name = ORAC | Source = Application Error | ID = 1000

Description = Faulting application itunes.exe, version 8.2.1.6, faulting module

quicktime.qts, version 7.62.14.0, fault address 0x00165b12.

Error - 12/22/2010 6:02:53 PM | Computer Name = ORAC | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/1/2011 2:56:49 PM | Computer Name = ORAC | Source = Application Hang | ID = 1002

Description = Hanging application ProToolsLE.exe, version 7.0.0.171, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2011 9:16:44 PM | Computer Name = ORAC | Source = Application Error | ID = 1000

Description = Faulting application i3l2ypy9.exe, version 1.0.15.15530, faulting

module i3l2ypy9.exe, version 1.0.15.15530, fault address 0x0000c551.

Error - 1/4/2011 12:20:15 AM | Computer Name = ORAC | Source = Application Error | ID = 1000

Description = Faulting application digiSPTIService.exe, version 7.0.0.171, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x0001168b.

[ System Events ]

Error - 1/2/2011 7:05:23 PM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/2/2011 8:06:08 PM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/2/2011 9:19:47 PM | Computer Name = ORAC | Source = System Error | ID = 1003

Description = Error code 1000008e, parameter1 c0000005, parameter2 80563fef, parameter3

eeab5af8, parameter4 00000000.

Error - 1/2/2011 9:33:26 PM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 1/2/2011 9:34:05 PM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

period.

Error - 1/4/2011 12:20:33 AM | Computer Name = ORAC | Source = Service Control Manager | ID = 7034

Description = The digiSPTIService service terminated unexpectedly. It has done

this 1 time(s).

Error - 1/4/2011 1:40:35 AM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/5/2011 3:26:03 AM | Computer Name = ORAC | Source = dalwdmservice | ID = 262187

Description =

Error - 1/5/2011 7:29:52 AM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/5/2011 10:52:37 AM | Computer Name = ORAC | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

< End of report >


Here it is:

Antivirus Version Last update Result

AhnLab-V3 2011.01.06.01 2011.01.06 -

AntiVir 7.11.1.34 2011.01.05 -

Antiy-AVL 2.0.3.7 2011.01.06 -

Avast 4.8.1351.0 2011.01.06 -

Avast5 5.0.677.0 2011.01.06 -

AVG 9.0.0.851 2011.01.06 -

BitDefender 7.2 2011.01.06 -

CAT-QuickHeal 11.00 2011.01.06 -

ClamAV 0.96.4.0 2011.01.05 -

Command 5.2.11.5 2011.01.06 -

Comodo 7312 2011.01.06 -

DrWeb 5.0.2.03300 2011.01.06 -

Emsisoft 5.1.0.1 2011.01.06 -

eSafe 7.0.17.0 2011.01.06 -

eTrust-Vet 36.1.8084 2011.01.06 -

F-Prot 4.6.2.117 2011.01.05 -

F-Secure 9.0.16160.0 2011.01.06 -

Fortinet 4.2.254.0 2011.01.06 -

GData 21 2011.01.06 -

Ikarus T3.1.1.90.0 2011.01.06 -

Jiangmin 13.0.900 2011.01.06 -

K7AntiVirus 9.75.3448 2011.01.05 -

Kaspersky 7.0.0.125 2011.01.06 -

McAfee 5.400.0.1158 2011.01.06 -

McAfee-GW-Edition 2010.1C 2011.01.06 -

Microsoft 1.6402 2011.01.06 -

NOD32 5764 2011.01.06 -

Norman 6.06.12 2011.01.06 -

nProtect 2011-01-06.01 2011.01.06 -

Panda 10.0.2.7 2011.01.05 -

PCTools 7.0.3.5 2011.01.06 -

Prevx 3.0 2011.01.06 -

Rising 22.81.03.00 2011.01.06 -

Sophos 4.60.0 2011.01.06 -

SUPERAntiSpyware 4.40.0.1006 2011.01.06 -

Symantec 20101.3.0.103 2011.01.06 -

TheHacker 6.7.0.1.111 2011.01.06 -

TrendMicro 9.120.0.1004 2011.01.06 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.06 -

VBA32 3.12.14.2 2011.01.05 -

VIPRE 7975 2011.01.06 -

ViRobot 2011.1.6.4240 2011.01.06 -

VirusBuster 13.6.131.0 2011.01.06 -

MD5: cb133964b0bd95397869a356ace8688d

SHA1: e9605a238c75686e23316fa50c29cebc8debc0a8

SHA256: 3617d9268842bcc2a0a0eecbe721584fc1075cdd5eaf0cc0178a707452abd0ba

File size: 95232 bytes

Scan date: 2011-01-06 15:04:16 (UTC)


Thank you!

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O4 - HKCU..\Run: [dbNetcdrom] File not found

:files
C:\Documents and Settings\Owner\Local Settings\Application Data\WdNetCtrl
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp

:Commands
[purity]
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


Here ya go....

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dbNetcdrom deleted successfully.

========== FILES ==========

C:\Documents and Settings\Owner\Local Settings\Application Data\WdNetCtrl folder moved successfully.

C:\WINDOWS\000001_.tmp moved successfully.

C:\WINDOWS\002496_.tmp moved successfully.

C:\WINDOWS\SET3.tmp moved successfully.

C:\WINDOWS\SET7.tmp moved successfully.

C:\WINDOWS\SETD.tmp moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

->Temp folder emptied: 34264114 bytes

->Temporary Internet Files folder emptied: 817552366 bytes

->Java cache emptied: 117527 bytes

->Flash cache emptied: 195153 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3811360 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 80060 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 816.00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01072011_100222

Files\Folders moved on Reboot...

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\R4AUTNOB\favicon[2].ico moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J303HQ0X\contact[1].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J303HQ0X\favicon[2].ico moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J303HQ0X\forums_malwarebytes_org[1].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J303HQ0X\google_com[8].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IWBG9L9V\favicon[3].ico moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IWBG9L9V\index[1].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IWBG9L9V\malwarebytes_org[1].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IRXJI2UV\iframe[2].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0HD4WNX\index[2].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Glad to hear that! :lol:

Sorry for the delay! I am currently sick and have no energy.

Last steps:

Step 1

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Step 2

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

This topic is now closed to further replies.