Malwarebytes

Desktop infected? themed32.dll missing

42 replies to this topic

#1
Desperate

    New Member

  • Members
  • 25 posts
Hi,
I hope someone out there can help with this.

My desktop, running Windows XP, is failing to run numerous applications. An error message "xxx.exe unable to locate component & The application has failed to start because themed32.dll was not found .... " keeps on appearing. Some will run despite this, but userinit.exe won't, so my desktop only shows the wallpaper. This happened yesterday at about the same time as several other threads were started by people with the same problem.

Any help would be much appreciated.

Desperate

#2
sjpritch25

    Forum Deity

  • Experts
  • 1,611 posts
  • Gender:Male
  • Location:West Coast of Florida

  • Download OTL.EXE to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold:


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.



=========================================



Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | Run | type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.
  • Re-enable all active protection.

Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive) Noctua NH-U12P SE2 Heatsink Antec P183 Case

#3
Desperate

Sorry to be obtuse over this, but could you tell me how to start up the computer and run explorer.exe? At the moment I have no icons on my desktop at all.

[Quote of sjpritch25's post of Jun 18 2010, 02:18 AM (post #2 above)]


#4
sjpritch25

no problem....


Press Ctrl+Alt+Delete simultaneously and Windows Task Manager will appear.

Under the Processes tab, look for explorer.exe
If found, click on explorer.exe to highlight
Next, click on End Process.

Click on File ---> New Task (run)

Type the following into the box

C:\WINDOWS\explorer.exe and click on OK


Let me know if you have any issues. Thanks

#5
Desperate

I can open the Task Manager, despite getting the dialogue that it cannot start, but on typing in the run box C:\WINDOWS.explorer.exe the dialogue appears again that it cannot start because the themed32.dll was not found. Clicking OK, or closing this dialogue, removes explorer.exe from the list of processes running in the Task Manager.

[Quote of sjpritch25's post of Jun 18 2010, 03:39 PM (post #4 above)]


#6
sjpritch25

Sorry for the delay, I was away for two days. Can you tell me if you are able to get to your desktop yet?

If not, have you tried booting safe mode?

Again sorry for the delay

#7
Desperate

[Quote of sjpritch25's post of Jun 21 2010, 12:21 AM (post #6 above)]

Hi,
I can run Internet Explorer from the Task Manager but still can't see my desktop. One worrying thing that I noticed this morning: when Task Manager was open there seemed to be two versions of iexplorer.exe running.
I downloaded ComboFix yesterday. I ran it despite the themed32.dll error message constantly halting it. It found and removed several trojans. I ran it again and it found nothing, but the problem remains.

#8
Desperate

Hi sjpritch,
I got OTL to run. Here is the log.
OTL logfile created on: 21/06/2010 19:12:07 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.66 Gb Free Space | 19.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAWLINS
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (uigcrdr) -- C:\WINDOWS\system32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )
DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)
DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (ROB_V) -- C:\WINDOWS\system32\drivers\rob_v.sys (Pinnacle Systems GmbH)
DRV - (pctvvbi) -- C:\WINDOWS\system32\drivers\pctvvbi.sys (Pinnacle Systems)
DRV - (ROB_A) -- C:\WINDOWS\system32\drivers\rob_a.sys (Pinnacle Systems GmbH)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20091214Wb1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 13:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/12 09:19:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:24:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 13:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 08:23:27 | 000,000,000 | ---D | M]

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2009/03/17 09:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\staged-xpis
[2010/06/14 22:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2010/02/12 09:19:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/22 18:44:05 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/22 18:44:05 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/22 18:44:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/04 00:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/15 13:24:20 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/03/15 13:25:12 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/03/15 13:24:04 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/12/22 04:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 04:30:24 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/22 04:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 04:30:24 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/22 04:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 04:30:24 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/22 04:30:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/22 04:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/20 13:54:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GMX_GMX File Storage Manager] C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE (GMX Internet Services Inc.)
O4 - HKCU..\Run: [ILO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1198967935390 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1215844976656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.fenlea.c...ImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/01 21:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/15 17:22:56 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell - "" = AutoRun
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/29 21:53:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc
[2010/06/21 14:36:04 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\System
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\desktop
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\backup
[2010/06/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons
[2010/06/20 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/20 13:21:53 | 000,000,000 | ---D | C] -- C:\cmdcons
[2010/06/20 12:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 12:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/20 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/15 07:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/06/10 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\My Albums
[2010/06/07 22:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Driving
[2006/04/16 13:20:05 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/06/21 14:45:19 | 061,273,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/21 14:41:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/21 14:41:20 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/21 14:39:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 13:35:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/21 13:35:09 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/20 16:15:27 | 000,000,535 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/20 13:54:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 12:42:57 | 007,299,072 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat
[2010/06/15 12:38:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
[2010/06/15 12:20:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc
[2010/06/15 07:31:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
[2010/06/14 23:04:52 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc
[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/06/13 09:16:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc
[2010/06/12 22:51:16 | 000,001,630 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 22:51:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/06/12 22:51:13 | 000,083,687 | ---- | M] () -- C:\Documents and Settings\David\FTW.ini
[2010/06/11 13:16:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc
[2010/06/09 12:03:56 | 000,619,755 | ---- | M] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG
[2010/06/09 11:58:56 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc
[2010/06/08 15:11:34 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 15:11:34 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 15:11:34 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 13:31:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc
[2010/05/30 16:17:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc
[2010/05/25 17:26:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David\My Documents\plants to grow 2 .doc
[2010/05/24 15:54:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 13:22:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/20 13:22:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/15 12:42:56 | 007,299,072 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat
[2010/06/15 12:20:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc
[2010/06/15 07:31:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
[2010/06/14 23:04:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc
[2010/06/14 22:00:11 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/06/14 09:11:34 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/12 22:39:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc
[2010/06/10 19:55:04 | 000,619,755 | ---- | C] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG
[2010/06/09 11:59:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc
[2010/06/08 13:31:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc
[2010/06/07 12:26:06 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc
[2010/05/30 16:17:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc
[2010/05/24 15:54:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc
[2009/03/31 13:47:10 | 000,002,314 | ---- | C] () -- C:\WINDOWS\mfforms.ini
[2009/03/31 13:34:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/03/31 13:34:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\pers.ini
[2009/02/05 12:29:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2009/02/05 12:29:37 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/06 17:00:02 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/25 15:06:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/11/19 21:37:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/09/16 20:51:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/05 18:24:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL
[2006/11/05 18:23:11 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2006/09/27 12:35:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\REPCDRWC.INI
[2006/09/27 12:32:53 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/09/27 12:32:53 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2006/04/17 22:00:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/04/16 13:20:05 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2006/03/03 12:16:55 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/07/12 00:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inter[1].INI
[2005/02/05 16:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SQInst32.INI
[2005/02/05 16:39:10 | 000,000,139 | ---- | C] () -- C:\WINDOWS\HELICON.INI
[2005/01/01 19:42:17 | 000,000,511 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/24 20:13:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MMResdat.ini
[2004/08/21 21:34:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/08/21 21:30:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/08/21 21:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/03 20:27:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/03/16 22:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2004/02/16 01:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/01/05 20:15:32 | 000,001,832 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/27 18:22:43 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2003/10/03 16:20:09 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/30 14:53:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL
[2003/09/09 07:57:53 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2003/09/09 07:57:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/09/09 07:40:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/08/28 19:12:36 | 000,000,222 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2003/08/28 19:09:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2003/08/14 17:39:35 | 000,001,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/07/26 15:47:10 | 000,000,475 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/06/21 19:00:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI
[2003/06/08 20:36:54 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2003/06/08 20:36:53 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2003/05/17 20:13:00 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2003/05/17 20:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2003/05/17 18:48:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2003/05/04 20:17:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2003/05/04 20:17:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2003/05/04 14:42:44 | 000,000,163 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/05/01 22:09:17 | 000,000,726 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/01 21:38:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/05/01 21:38:52 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2003/05/01 21:38:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/05/01 21:38:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/05/01 21:38:03 | 000,003,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/05/01 21:38:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/05/01 21:23:24 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2003/05/01 21:22:50 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003/05/01 21:22:50 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003/05/01 21:22:50 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003/05/01 21:22:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003/05/01 21:22:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2001/09/05 16:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2001/08/23 13:00:00 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\w0elnhiu.dll
[2001/04/01 18:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/04/03 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/09/17 15:42:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/10/23 22:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2005/12/25 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/01/17 12:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GMX
[2009/03/31 14:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/30 09:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/03/31 08:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/03/22 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/03/29 16:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/07 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/15 14:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/11/19 17:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\7Wonders
[2007/02/23 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\bang
[2009/04/24 19:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Canon
[2007/11/25 15:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ForgottenRiddles
[2009/01/17 12:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\GMX
[2007/07/01 13:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Leadertech
[2007/11/12 08:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\My Games
[2010/03/31 08:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\NCH Swift Sound
[2008/05/30 08:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Part deaf save
[2006/10/17 22:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Schoolhouse Technologies
[2008/06/06 16:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SecondLife
[2010/03/11 10:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SmartDraw
[2006/01/15 23:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Softplicity
[2008/07/16 11:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SuperAdBlocker.com
[2010/06/21 14:36:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\David\Application Data\SystemProc
[2010/06/21 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons
[2006/05/08 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Ulead Systems
[2010/03/29 15:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Uniblue
[2008/05/29 21:32:50 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\AF833F7A92A8B88E.job
[2010/04/25 10:11:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/03/29 16:00:05 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-David-Startup.job
[2010/04/02 16:02:33 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1D9EB272-00C4-4F1F-A8E2-8C2A739B0956}.job
[2009/07/05 17:14:49 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2A220EF1-366B-4CD1-B394-061FCE905A9B}.job
[2010/04/03 00:20:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2007/06/30 15:18:01 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Movie Maker.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/05/02 19:38:31 | 000,145,408 | ---- | M] () -- C:\AAD4006 Fine Art.doc
[2009/09/15 17:00:51 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2003/05/01 21:01:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/12/17 12:43:02 | 006,972,738 | RHS- | M] () -- C:\AVG6DB_F.DAT
[2008/07/16 15:52:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2008/07/16 15:52:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/20 16:26:01 | 000,014,322 | ---- | M] () -- C:\ComboFix.txt
[2006/11/22 18:42:21 | 000,022,016 | ---- | M] () -- C:\Complete Personal Statement (4).doc
[2003/05/01 21:01:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2007/06/18 21:07:29 | 000,035,840 | ---- | M] () -- C:\guidancenotes.doc
[2004/06/05 16:55:28 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2003/05/01 21:01:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/05 11:55:01 | 000,000,960 | -HS- | M] () -- C:\jvmt323v.sys
[2003/06/12 16:45:13 | 004,012,920 | ---- | M] () -- C:\Lemm_log.txt
[2003/05/01 21:01:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/02 19:19:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/21 14:39:37 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2006/06/18 20:59:37 | 000,045,568 | ---- | M] () -- C:\Partnership Proposals Jun06.doc
[2007/01/08 20:38:21 | 000,244,224 | ---- | M] () -- C:\PDR Form 2006-7 Jane.doc
[2006/11/21 19:12:13 | 000,023,040 | ---- | M] () -- C:\Personal Statement(2).doc
[2006/11/21 19:15:54 | 000,023,040 | ---- | M] () -- C:\Personal Statement(3).doc
[2010/04/06 15:34:49 | 000,000,268 | ---- | M] () -- C:\rkill.log
[2008/09/30 20:49:30 | 000,230,424 | ---- | M] () -- C:\snp2sxp-001.raw
[2003/07/31 17:07:39 | 000,032,768 | ---- | M] () -- C:\t1uk
[2003/10/24 16:23:23 | 000,036,864 | ---- | M] () -- C:\t2l4
[2003/09/24 17:43:13 | 000,036,864 | ---- | M] () -- C:\t2ng
[2003/12/22 15:27:15 | 000,073,728 | ---- | M] () -- C:\t34k
[2003/12/05 22:08:36 | 000,032,768 | ---- | M] () -- C:\t3g0
[2003/10/24 16:46:34 | 000,032,768 | ---- | M] () -- C:\tr4
[2003/11/10 17:29:40 | 000,032,768 | ---- | M] () -- C:\trs
[2003/10/12 14:07:00 | 000,032,768 | ---- | M] () -- C:\tvc
[2004/05/02 15:55:37 | 000,000,014 | ---- | M] () -- C:\win2.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/12/29 21:19:03 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/12/29 21:19:02 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/12/29 21:39:12 | 030,146,560 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/12/29 21:39:12 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1
< End of report >


A second window didn't open. I'll look for Extras.txt with task manager

#9
Desperate

Here it is.
OTL Extras logfile created on: 21/06/2010 19:12:08 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.66 Gb Free Space | 19.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAWLINS
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"6346:TCP" = 6346:TCP:*:Enabled:limewire
"6346:UDP" = 6346:UDP:*:Enabled:Frostwire

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\??\C:\WINDOWS\system32\winlogon.exe" = \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Team17\Worms Armageddon\WA.exe" = C:\Team17\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon -- File not found
"C:\Program Files\Kontiki\KHost.exe" = C:\Program Files\Kontiki\KHost.exe:*:Enabled:Delivery Manager -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\RECYCLER\S-1-5-21-1644491937-1580818891-725345543-1004\Dc175\firefox.exe" = C:\RECYCLER\S-1-5-21-1644491937-1580818891-725345543-1004\Dc175\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Disabled:msu -- (Motorola)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.9.0.20
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}" = PCTV
"{4038EAF0-6F8E-4068-88F6-A417958B8AC5}" = PDF Manual NW-E010 Series
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{6222F1AF-9C44-4E85-9C70-2C86385B137E}" = 802.11g Wireless LAN PCI Card Driver and Utility
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9BE2669E-2BD8-4164-A8B5-C904C864B403}" = WA Update v3.50 beta2
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C82E1703-ACBB-4015-856B-A8A0E5BAC661}" = Ulead CD & DVD PictureShow 3 SE Basic
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"040a_5005" = USB MassStorage CardReader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CANONBJ_Deinstall_CNMCP4w.DLL" = Canon i450
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Continuing Professional Development Presentation" = Continuing Professional Development Presentation
"CSCLIB" = Canon Camera Support Core Library
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DFX for Windows Media Player" = DFX for Windows Media Player
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Eusing Free Registry Defrag" = Eusing Free Registry Defrag
"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006
"Family Tree Maker" = Family Tree Maker 6.0
"Focus on Science investigations 1 -second edition" = Focus on Science investigations 1 -second edition
"Focus on Science Investigations 2" = Focus on Science Investigations 2
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GMX File Storage Manager" = GMX File Storage Manager
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HR Manager" = HR Manager
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LimeWire" = LimeWire 5.1.2
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly 3" = Monopoly 3
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"QuickTime32" = QuickTime for Windows (32-bit)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rolling Balls 1.0" = Rolling Balls 1.0
"Spotify" = Spotify
"StarWraith3" = StarWraith3
"Switch" = Switch Sound File Converter
"VCW VicMan's Photo Editor_is1" = VCW VicMan's Photo Editor 8.1
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"WavePad" = WavePad Sound Editor
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Wild Growth Enchantment Screen Saver" = Wild Growth Enchantment Screen Saver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Update Remover" = Windows Update Remover
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/06/2010 11:05:48 | Computer Name = RAWLINS | Source = Google Update | ID = 20
Description =

Error - 21/06/2010 08:22:16 | Computer Name = RAWLINS | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Excel.

[ System Events ]
Error - 21/06/2010 08:52:24 | Computer Name = RAWLINS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/06/2010 08:55:43 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error - 21/06/2010 09:25:48 | Computer Name = RAWLINS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL Tcpip
uigcrdr
WS2IFSL

Error - 21/06/2010 09:32:02 | Computer Name = RAWLINS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/06/2010 09:41:24 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL


< End of report >

#10
Desperate

I'm going to download and run GMER but could you please clarify "

#11
sjpritch25

Via Task Manager, please open otl.exe.

Under custom scan, paste the following code

/md5start
shell32.dll
/md5stop

Then click on run.

I believe the problem is a patched system file.


Could you please post the ComboFix log too?
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive) Noctua NH-U12P SE2 Heatsink Antec P183 Case
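
The custom scan in the post above requests MD5 values for shell32.dll because a patched system file is suspected. As an added illustration (not part of the original post and not OTL's own code), the Python script below does a comparable check by hand: it hashes every copy of a named file under a root folder and lists the copies that differ from the live one. The folder layout and file contents are constructed for the demo, and a mismatch is only a lead to follow up, since backup copies can come from a different service-pack level.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so a large DLL is never read into memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_copies(root, filename, algorithm="md5"):
    """Hash every file called `filename` under `root` (case-insensitive, as on Windows).

    Returns (hashes, unreadable): a {path: digest} dict and a list of paths
    that could not be opened, for example because the file is locked.
    """
    hashes, unreadable = {}, []
    wanted = filename.lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                hashes[path] = file_digest(path, algorithm)
            except OSError:
                unreadable.append(path)
    return hashes, unreadable


def group_by_digest(hashes):
    """Invert {path: digest} into {digest: [paths]} to see which copies agree."""
    groups = defaultdict(list)
    for path, digest in hashes.items():
        groups[digest].append(path)
    return {digest: sorted(paths) for digest, paths in groups.items()}


def differing_copies(hashes, live_path):
    """Return the other copies whose digest differs from the live file's digest."""
    live = hashes[live_path]
    return sorted(p for p, d in hashes.items() if p != live_path and d != live)


def build_demo_tree(root):
    """Create a constructed XP-style layout: one altered live file, two matching backups.

    The byte strings are placeholders, not real DLL contents.
    """
    original = b"MZ" + b"constructed original contents" * 64
    altered = b"MZ" + b"constructed altered contents!" * 64
    layout = {
        ("WINDOWS", "system32", "shell32.dll"): altered,
        ("WINDOWS", "system32", "dllcache", "shell32.dll"): original,
        ("WINDOWS", "ServicePackFiles", "i386", "SHELL32.DLL"): original,
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return os.path.join(root, "WINDOWS", "system32", "shell32.dll")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        live = build_demo_tree(demo_root)
        hashes, unreadable = hash_copies(demo_root, "shell32.dll")
        for digest, paths in group_by_digest(hashes).items():
            print(digest)
            for p in paths:
                print("   ", os.path.relpath(p, demo_root))
        print("Copies that differ from the live file:")
        for p in differing_copies(hashes, live):
            print("   ", os.path.relpath(p, demo_root))
        if unreadable:
            print("Could not read:", unreadable)
```

MD5 is used here only to match the scan in the post and to compare copies with each other; pass `algorithm="sha256"` for a stronger digest.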

#12
Desperate

Hello sjpritch,
Here's the OTL log. Thanks for your help. Combofix log to follow.
OTL logfile created on: 22/06/2010 09:23:44 - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.62 Gb Free Space | 19.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAWLINS
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (uigcrdr) -- C:\WINDOWS\system32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )
DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)
DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (ROB_V) -- C:\WINDOWS\system32\drivers\rob_v.sys (Pinnacle Systems GmbH)
DRV - (pctvvbi) -- C:\WINDOWS\system32\drivers\pctvvbi.sys (Pinnacle Systems)
DRV - (ROB_A) -- C:\WINDOWS\system32\drivers\rob_a.sys (Pinnacle Systems GmbH)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/12 09:19:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:24:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 13:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 08:23:27 | 000,000,000 | ---D | M]

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\staged-xpis
[2010/06/14 22:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/12/22 04:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 04:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 04:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 04:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/20 13:54:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GMX_GMX File Storage Manager] C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE (GMX Internet Services Inc.)
O4 - HKCU..\Run: [ILO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1198967935390 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1215844976656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.fenlea.c...ImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/01 21:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/15 17:22:56 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell - "" = AutoRun
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc
[2010/06/21 14:36:04 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\System
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\desktop
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\backup
[2010/06/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons
[2010/06/20 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/20 13:21:53 | 000,000,000 | ---D | C] -- C:\cmdcons
[2010/06/20 12:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 12:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/20 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/15 07:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/06/10 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\My Albums
[2010/06/07 22:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Driving
[2006/04/16 13:20:05 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/22 09:10:55 | 061,289,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/22 09:08:32 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/22 09:08:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/22 09:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 20:14:17 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 20:05:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/21 20:05:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/21 19:59:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe
[2010/06/21 19:08:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/06/20 13:54:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 12:42:57 | 007,299,072 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat
[2010/06/15 12:38:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
[2010/06/15 12:20:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc
[2010/06/15 07:31:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
[2010/06/14 23:04:52 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc
[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/06/13 09:16:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc
[2010/06/12 22:51:16 | 000,001,630 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 22:51:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/06/12 22:51:13 | 000,083,687 | ---- | M] () -- C:\Documents and Settings\David\FTW.ini
[2010/06/11 13:16:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc
[2010/06/09 12:03:56 | 000,619,755 | ---- | M] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG
[2010/06/09 11:58:56 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc
[2010/06/08 15:11:34 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 15:11:34 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 15:11:34 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 13:31:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc
[2010/05/30 16:17:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc
[2010/05/25 17:26:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David\My Documents\plants to grow 2 .doc
[2010/05/24 15:54:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 19:58:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe
[2010/06/20 13:22:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/20 13:22:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/15 12:42:56 | 007,299,072 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat
[2010/06/15 12:20:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc
[2010/06/15 07:31:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
[2010/06/14 23:04:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc
[2010/06/14 22:00:11 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/06/14 09:11:34 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/12 22:39:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc
[2010/06/10 19:55:04 | 000,619,755 | ---- | C] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG
[2010/06/09 11:59:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc
[2010/06/08 13:31:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc
[2010/06/07 12:26:06 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc
[2010/05/30 16:17:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc
[2010/05/24 15:54:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc
[2009/03/31 13:47:10 | 000,002,314 | ---- | C] () -- C:\WINDOWS\mfforms.ini
[2009/03/31 13:34:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/03/31 13:34:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\pers.ini
[2009/02/05 12:29:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2009/02/05 12:29:37 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/06 17:00:02 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/25 15:06:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/11/19 21:37:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/09/16 20:51:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/05 18:24:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL
[2006/11/05 18:23:11 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2006/09/27 12:35:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\REPCDRWC.INI
[2006/09/27 12:32:53 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/09/27 12:32:53 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2006/04/17 22:00:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/04/16 13:20:05 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2006/03/03 12:16:55 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/07/12 00:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inter[1].INI
[2005/02/05 16:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SQInst32.INI
[2005/02/05 16:39:10 | 000,000,139 | ---- | C] () -- C:\WINDOWS\HELICON.INI
[2005/01/01 19:42:17 | 000,000,511 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/24 20:13:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MMResdat.ini
[2004/08/21 21:34:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/08/21 21:30:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/08/21 21:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/03 20:27:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/03/16 22:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2004/02/16 01:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/01/05 20:15:32 | 000,001,832 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/27 18:22:43 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2003/10/03 16:20:09 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/30 14:53:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL
[2003/09/09 07:57:53 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2003/09/09 07:57:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/09/09 07:40:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/08/28 19:12:36 | 000,000,222 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2003/08/28 19:09:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2003/08/14 17:39:35 | 000,001,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/07/26 15:47:10 | 000,000,475 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/06/21 19:00:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI
[2003/06/08 20:36:54 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2003/06/08 20:36:53 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2003/05/17 20:13:00 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2003/05/17 20:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2003/05/17 18:48:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2003/05/04 20:17:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2003/05/04 20:17:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2003/05/04 14:42:44 | 000,000,163 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/05/01 22:09:17 | 000,000,726 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/01 21:38:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/05/01 21:38:52 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2003/05/01 21:38:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/05/01 21:38:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/05/01 21:38:03 | 000,003,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/05/01 21:38:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/05/01 21:23:24 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2003/05/01 21:22:50 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003/05/01 21:22:50 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003/05/01 21:22:50 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003/05/01 21:22:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003/05/01 21:22:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2001/09/05 16:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2001/08/23 13:00:00 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\w0elnhiu.dll
[2001/04/01 18:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========



< MD5 for: SHELL32.DLL >
[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\dllcache\shell32.dll
[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 01:12:05 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll
[2008/06/17 20:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll
[2005/09/23 04:18:20 | 008,452,608 | ---- | M] (Microsoft Corporation) MD5=2B7DD09E1DE64B094409E3D43E248716 -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll
[2007/10/26 04:34:01 | 008,460,288 | ---- | M] (Microsoft Corporation) MD5=3BE4C2E84D99889685FE2B68E5FA2A9D -- C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
[2003/06/11 13:43:48 | 008,240,640 | ---- | M] (Microsoft Corporation) MD5=46EC8881647FC015DDC2B08EB2B24A29 -- C:\WINDOWS\$xpsp1hfm$\KB821557\shell32.dll
[2006/03/17 05:46:31 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=5371E3BAE6FA21C26730C19FA8819335 -- C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll
[2006/03/17 05:03:54 | 008,452,096 | ---- | M] (Microsoft Corporation) MD5=6DDC1304FC3E6849D2BAD23D95E9573B -- C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\shell32.dll
[2007/10/26 04:36:51 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=BC061480F01EAB948744C6C5E24FB7A8 -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
[2006/07/13 15:03:23 | 008,457,728 | ---- | M] (Microsoft Corporation) MD5=BCDA9264F73B21DF325A10D99C6FB44A -- C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll
[2005/09/23 04:05:29 | 008,450,560 | ---- | M] (Microsoft Corporation) MD5=C1BCFEC67E712B6A00AD00ADFCBFD02E -- C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shell32.dll
[2006/12/19 22:50:10 | 008,458,752 | ---- | M] (Microsoft Corporation) MD5=C21253CC2EA4001EB3D93CD98E9B35FE -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
[2006/07/13 14:33:27 | 008,453,632 | ---- | M] (Microsoft Corporation) MD5=F056B4771408966694DE5D9BF79B48F8 -- C:\WINDOWS\$hf_mig$\KB921398\SP2GDR\shell32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1
< End of report >

#13
Desperate

Hello sjpritch,
Here's the OTL log. Thanks for your help. Combofix log to follow.
OTL logfile created on: 22/06/2010 09:23:44 - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.62 Gb Free Space | 19.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAWLINS
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (uigcrdr) -- C:\WINDOWS\system32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )
DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)
DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (ROB_V) -- C:\WINDOWS\system32\drivers\rob_v.sys (Pinnacle Systems GmbH)
DRV - (pctvvbi) -- C:\WINDOWS\system32\drivers\pctvvbi.sys (Pinnacle Systems)
DRV - (ROB_A) -- C:\WINDOWS\system32\drivers\rob_a.sys (Pinnacle Systems GmbH)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/12 09:19:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:24:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 13:24:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 08:23:27 | 000,000,000 | ---D | M]

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\staged-xpis
[2010/06/14 22:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/12/22 04:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 04:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 04:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 04:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/20 13:54:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GMX_GMX File Storage Manager] C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE (GMX Internet Services Inc.)
O4 - HKCU..\Run: [ILO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1198967935390 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1215844976656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.fenlea.c...ImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/01 21:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/15 17:22:56 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell - "" = AutoRun
O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc
[2010/06/21 14:36:04 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\System
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\desktop
[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\backup
[2010/06/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons
[2010/06/20 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/20 13:21:53 | 000,000,000 | ---D | C] -- C:\cmdcons
[2010/06/20 12:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 12:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/20 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/15 07:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/06/10 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\My Albums
[2010/06/07 22:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Driving
[2006/04/16 13:20:05 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/22 09:10:55 | 061,289,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/22 09:08:32 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/22 09:08:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/22 09:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 20:14:17 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 20:05:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/21 20:05:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/21 19:59:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe
[2010/06/21 19:08:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/06/20 13:54:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 12:42:57 | 007,299,072 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat
[2010/06/15 12:38:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
[2010/06/15 12:20:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc
[2010/06/15 07:31:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
[2010/06/14 23:04:52 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc
[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/06/13 09:16:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc
[2010/06/12 22:51:16 | 000,001,630 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 22:51:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/06/12 22:51:13 | 000,083,687 | ---- | M] () -- C:\Documents and Settings\David\FTW.ini
[2010/06/11 13:16:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc
[2010/06/09 12:03:56 | 000,619,755 | ---- | M] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG
[2010/06/09 11:58:56 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc
[2010/06/08 15:11:34 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 15:11:34 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 15:11:34 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 13:31:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc
[2010/05/30 16:17:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc
[2010/05/25 17:26:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David\My Documents\plants to grow 2 .doc
[2010/05/24 15:54:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 19:58:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe
[2010/06/20 13:22:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/20 13:22:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/15 12:42:56 | 007,299,072 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat
[2010/06/15 12:20:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc
[2010/06/15 07:31:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
[2010/06/14 23:04:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc
[2010/06/14 22:00:11 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/06/14 09:11:34 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
[2010/06/12 22:39:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc
[2010/06/10 19:55:04 | 000,619,755 | ---- | C] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG
[2010/06/09 11:59:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc
[2010/06/08 13:31:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc
[2010/06/07 12:26:06 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc
[2010/05/30 16:17:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc
[2010/05/24 15:54:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc
[2009/03/31 13:47:10 | 000,002,314 | ---- | C] () -- C:\WINDOWS\mfforms.ini
[2009/03/31 13:34:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/03/31 13:34:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\pers.ini
[2009/02/05 12:29:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2009/02/05 12:29:37 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/06 17:00:02 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/25 15:06:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/11/19 21:37:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/09/16 20:51:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/05 18:24:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL
[2006/11/05 18:23:11 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2006/09/27 12:35:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\REPCDRWC.INI
[2006/09/27 12:32:53 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2006/09/27 12:32:53 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2006/04/17 22:00:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/04/16 13:20:05 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2006/03/03 12:16:55 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/07/12 00:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inter[1].INI
[2005/02/05 16:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SQInst32.INI
[2005/02/05 16:39:10 | 000,000,139 | ---- | C] () -- C:\WINDOWS\HELICON.INI
[2005/01/01 19:42:17 | 000,000,511 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/24 20:13:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MMResdat.ini
[2004/08/21 21:34:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/08/21 21:30:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/08/21 21:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/03 20:27:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/03/16 22:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2004/02/16 01:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/01/05 20:15:32 | 000,001,832 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/12/27 18:22:43 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2003/10/03 16:20:09 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2003/09/30 14:53:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL
[2003/09/09 07:57:53 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2003/09/09 07:57:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/09/09 07:40:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/08/28 19:12:36 | 000,000,222 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2003/08/28 19:09:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2003/08/14 17:39:35 | 000,001,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/07/26 15:47:10 | 000,000,475 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/06/21 19:00:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI
[2003/06/08 20:36:54 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2003/06/08 20:36:53 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2003/05/17 20:13:00 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2003/05/17 20:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2003/05/17 18:48:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2003/05/04 20:17:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2003/05/04 20:17:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2003/05/04 14:42:44 | 000,000,163 | ---- | C] () -- C:\WINDOWS\KA.INI
[2003/05/01 22:09:17 | 000,000,726 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/01 21:38:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/05/01 21:38:52 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2003/05/01 21:38:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/05/01 21:38:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/05/01 21:38:03 | 000,003,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/05/01 21:38:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/05/01 21:23:24 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2003/05/01 21:22:50 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003/05/01 21:22:50 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003/05/01 21:22:50 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003/05/01 21:22:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003/05/01 21:22:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2001/09/05 16:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2001/08/23 13:00:00 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\w0elnhiu.dll
[2001/04/01 18:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========



< MD5 for: SHELL32.DLL >
[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\dllcache\shell32.dll
[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 01:12:05 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll
[2008/06/17 20:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll
[2005/09/23 04:18:20 | 008,452,608 | ---- | M] (Microsoft Corporation) MD5=2B7DD09E1DE64B094409E3D43E248716 -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll
[2007/10/26 04:34:01 | 008,460,288 | ---- | M] (Microsoft Corporation) MD5=3BE4C2E84D99889685FE2B68E5FA2A9D -- C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
[2003/06/11 13:43:48 | 008,240,640 | ---- | M] (Microsoft Corporation) MD5=46EC8881647FC015DDC2B08EB2B24A29 -- C:\WINDOWS\$xpsp1hfm$\KB821557\shell32.dll
[2006/03/17 05:46:31 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=5371E3BAE6FA21C26730C19FA8819335 -- C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll
[2006/03/17 05:03:54 | 008,452,096 | ---- | M] (Microsoft Corporation) MD5=6DDC1304FC3E6849D2BAD23D95E9573B -- C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\shell32.dll
[2007/10/26 04:36:51 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=BC061480F01EAB948744C6C5E24FB7A8 -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
[2006/07/13 15:03:23 | 008,457,728 | ---- | M] (Microsoft Corporation) MD5=BCDA9264F73B21DF325A10D99C6FB44A -- C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll
[2005/09/23 04:05:29 | 008,450,560 | ---- | M] (Microsoft Corporation) MD5=C1BCFEC67E712B6A00AD00ADFCBFD02E -- C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shell32.dll
[2006/12/19 22:50:10 | 008,458,752 | ---- | M] (Microsoft Corporation) MD5=C21253CC2EA4001EB3D93CD98E9B35FE -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
[2006/07/13 14:33:27 | 008,453,632 | ---- | M] (Microsoft Corporation) MD5=F056B4771408966694DE5D9BF79B48F8 -- C:\WINDOWS\$hf_mig$\KB921398\SP2GDR\shell32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1
< End of report >
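Added example (not part of the original thread and not OTL's own code): a small parser for the `< MD5 for: ... >` custom-scan block in the log above. It groups the listed copies of a file and reports whether the live system32 copy has the same hash as the dllcache copy. The line layout is inferred from the log lines on this page, the sample lines are copied from it, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "< MD5 for: SHELL32.DLL >" block of the OTL log on this page.
SAMPLE = r"""
========== Custom Scans ==========

< MD5 for: SHELL32.DLL >
[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\dllcache\shell32.dll
[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 01:12:05 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll
[2007/10/26 04:36:51 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=BC061480F01EAB948744C6C5E24FB7A8 -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
< End of report >
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_blocks(text):
    """Return {file name: [entry dict, ...]} for every '< MD5 for: ... >' block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            blocks[current].append(rec)
        else:
            # Any other line (section banner, end of report) closes the block.
            current = None
    return dict(blocks)


def check_live_copy(entries, live_dir=r"C:\WINDOWS\system32"):
    """Compare the live copy of a file with its dllcache copy.

    status is one of: match, mismatch, no-live-copy, no-cache-copy.
    same_hash_elsewhere lists other copies (hotfix or service pack folders)
    whose hash equals the live copy's hash.
    """
    cache_dir = ntpath.join(live_dir, "dllcache")

    def in_dir(rec, directory):
        return ntpath.dirname(rec["path"]).lower() == directory.lower()

    live = [r for r in entries if in_dir(r, live_dir)]
    cache = [r for r in entries if in_dir(r, cache_dir)]
    result = {"status": None, "live_md5": None, "cache_md5": None,
              "same_hash_elsewhere": []}
    if not live:
        result["status"] = "no-live-copy"
        return result
    result["live_md5"] = live[0]["md5"]
    result["same_hash_elsewhere"] = [
        r["path"] for r in entries
        if r["md5"] == live[0]["md5"]
        and not in_dir(r, live_dir) and not in_dir(r, cache_dir)
    ]
    if not cache:
        result["status"] = "no-cache-copy"
        return result
    result["cache_md5"] = cache[0]["md5"]
    result["status"] = "match" if live[0]["md5"] == cache[0]["md5"] else "mismatch"
    return result


if __name__ == "__main__":
    for name, entries in parse_md5_blocks(SAMPLE).items():
        print(name, check_live_copy(entries))
```

A match only shows that the two copies are identical; it does not by itself show that either one is the vendor's file, so the hash still needs checking against a trusted source.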

#14
Desperate

I just downloaded combofix again and ran it. It rebooted windows but didn't open a log window. Has it stored the logfile somewhere? If so, how do I access it to post it here?

Thanks

#15
sjpritch25

log is usually saved here

c:\combofix.txt


open taskmanager again

Go to File task(run)---> cmd and press ok

type the following

ren C:\windows\system32\uxtheme.dll uxtheme.dll.vir

press enter.


Let me know if windows doesn't replace the file. You may need to reboot your computer. Let me know if your desktop doesn't appear again. Thanks
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive) Noctua NH-U12P SE2 Heatsink Antec P183 Case

#16
Desperate

Hello again,


sjpritch25, on Jun 23 2010, 01:08 AM, said:

log is usually saved here

c:\combofix.txt

Yes, that's what I understood but windows can't find it there and, when browsing, I can't see any .txt files in the combofix folder

sjpritch25, on Jun 23 2010, 01:08 AM, said:

open taskmanager again

Go to File task(run)---> cmd and press ok

type the following

ren C:\windows\system32\uxtheme.dll uxtheme.dll.vir

press enter.


Let me know if windows doesn't replace the file. You may need to reboot your computer. Let me know if your desktop doesn't appear again. Thanks

I did as you suggest above but I'm stuck with the error message "The filename, directory name, or volume label syntax is incorrect" This is, I think, because the cursor is flashing at C:\Documents and Setting\David> and, I'm ashamed to say, that I don't know the DOS commands to get to the C: drive. :welcome:

#17
sjpritch25

sorry about that

type in

cd c:\windows\system32
followed by the enter key. Then try renaming it again.

#18
Desperate


sjpritch25, on Jun 23 2010, 03:40 PM, said:

sorry about that

type in

cd c:\windows\system32
followed by the enter key. Then try renaming it again.

OK. As far as I can tell, it worked.

#19
Desperate

:P YES ;) IT WORKED :)

I rebooted for the changes to take effect and the desktop was back, looking how it should, and no sign of that !$**%! error message. Sjpritch25, I don't know what you did, or how renaming a file worked, but you're a lifesaver. Thank you sooooo much!

On top of the desktop icons was a combofix window with combofix still trying to create a logfile. So that answers why I couldn't find it. It had hung and, after an hour, I closed it and ran it again from scratch. Here is its log

ComboFix 10-06-23.03 - David 01/01/2002 3:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.146 [GMT 0:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jane\gotomypc_438.exe
c:\windows\system\winspool.drv
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\tmpf00.exe
c:\windows\system32\tmpf01.exe
.
---- Previous Run -------
.
C:\confin.sys
c:\documents and settings\David\Application Data\SystemProc\lsass.exe
c:\documents and settings\David\FTOINST.EXE
c:\documents and settings\David\FTOSUB.EXE
c:\documents and settings\David\FTWSK32.DLL
c:\documents and settings\David\FTWSKC32.DLL
c:\documents and settings\David\FTWTLBR.DLL
c:\documents and settings\David\FTWWRP32.DLL
c:\documents and settings\David\IMAGING.DLL
c:\documents and settings\David\IMPLODE.DLL
c:\documents and settings\David\INFOLINK.DLL
c:\documents and settings\David\PG30.DLL
c:\documents and settings\David\PGCNTL32.DLL
c:\documents and settings\David\TextEditor.dll
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\windows\patch.exe
c:\windows\reg.reg

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2001-12-01 to 2002-01-01 )))))))))))))))))))))))))))))))
.

2010-06-21 13:36 . 2010-06-21 13:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-20 11:13 . 2010-06-20 11:13 -------- d-----w- c:\program files\Trend Micro
2010-06-15 06:29 . 2010-06-15 06:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-05-13 19:48 . 2010-05-13 19:48 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\Temp
2010-04-28 07:53 . 2010-04-28 07:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-04-22 11:51 . 2010-04-22 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-22 11:51 . 2010-04-22 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-04-22 11:51 . 2010-04-28 07:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-22 09:05 . 2010-04-22 09:05 -------- d-----w- c:\program files\Rolling Balls 1.0
2010-04-22 08:15 . 2010-04-22 08:15 361984 ----a-w- c:\windows\system32\Wild Growth Enchantment.scr
2010-04-15 11:08 . 2010-02-17 08:10 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 11:08 . 2010-02-16 13:25 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-08 08:02 . 2010-04-08 08:06 -------- d-----w- c:\program files\Eusing Free Registry Defrag
2010-04-08 07:53 . 2010-04-14 09:18 -------- d-----w- c:\program files\Free Internet Window Washer
2010-04-06 14:53 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 14:53 . 2010-06-21 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 14:53 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 07:39 . 2010-03-31 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-03-31 07:39 . 2010-03-31 07:39 -------- d-----w- c:\documents and settings\David\Application Data\NCH Swift Sound
2010-03-29 15:23 . 2010-03-29 15:23 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-03-29 14:32 . 2010-03-29 14:32 -------- d-----w- c:\documents and settings\David\Application Data\Uniblue
2010-03-26 21:42 . 2010-03-26 21:42 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer
2010-03-22 20:20 . 2010-03-22 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-03-15 22:24 . 2007-05-09 01:10 237552 ----a-w- c:\windows\system32\tpuninst.exe
2010-03-15 22:24 . 2010-03-15 22:24 -------- d-----w- c:\program files\Windows Update Remover
2010-03-15 13:10 . 2010-03-15 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-03-15 12:26 . 2010-03-15 12:26 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Real
2010-03-15 12:23 . 2010-03-15 12:23 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-11 08:31 . 2010-03-11 09:25 -------- d-----w- c:\program files\SmartDraw 2010
2010-03-10 07:56 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-12 04:33 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-01-13 14:01 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-01-13 07:07 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 06:59 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-16 18:43 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-04 08:59 . 2009-12-04 08:59 -------- d-----w- c:\documents and settings\David\Application Data\AVG8
2009-12-03 13:02 . 2009-12-03 13:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2009-11-27 16:07 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-10-21 05:38 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-09-09 08:57 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 21:03 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-12 20:52 . 2009-08-12 20:54 34 ----a-w- c:\documents and settings\Shona\jagex_runescape_preferences.dat
2009-08-11 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-07-21 00:05 . 2009-07-21 00:05 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-07-11 18:25 . 2009-07-11 18:25 -------- d-sh--w- c:\documents and settings\Shona\IECompatCache
2009-07-03 05:54 . 2009-07-03 05:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-25 08:25 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 08:25 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-24 11:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-20 15:13 . 2009-06-20 15:13 -------- d-sh--w- c:\documents and settings\Jane\PrivacIE
2009-06-20 13:14 . 2009-06-20 13:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-16 16:40 . 2009-06-16 16:40 -------- d-sh--w- c:\documents and settings\Jane\IETldCache
2009-06-16 14:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-15 09:05 . 2009-06-15 09:05 -------- d-sh--w- c:\documents and settings\David\IECompatCache
2009-06-15 08:56 . 2009-06-15 08:56 -------- d-sh--w- c:\documents and settings\David\PrivacIE
2009-06-15 07:39 . 2009-06-15 07:39 -------- d-sh--w- c:\documents and settings\David\IETldCache
2009-06-15 05:57 . 2009-06-15 05:57 -------- d-sh--w- c:\documents and settings\Shona\PrivacIE
2009-06-15 05:13 . 2009-06-15 05:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-15 05:12 . 2009-06-15 05:12 -------- d-sh--w- c:\documents and settings\Shona\IETldCache
2009-06-14 21:32 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-14 21:32 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-14 21:31 . 2010-04-15 10:59 -------- d-----w- c:\windows\ie8updates
2009-06-14 21:30 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-14 21:25 . 2009-06-14 21:29 -------- dc-h--w- c:\windows\ie8
2009-06-12 12:31 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 12:31 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 14:13 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 06:14 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-05-29 13:32 . 2010-02-25 12:28 -------- d-----w- c:\program files\NCH Software
2009-05-29 13:32 . 2009-05-29 13:33 -------- d-----w- c:\program files\NCH Swift Sound
2009-05-29 13:32 . 2009-05-29 13:34 -------- d-----w- c:\documents and settings\Shona\Application Data\NCH Swift Sound
2009-05-10 10:35 . 2009-05-10 10:35 -------- d-----w- c:\documents and settings\Shona\Local Settings\Application Data\Apple Computer
2009-05-10 10:34 . 2009-06-10 17:51 -------- d-----w- c:\documents and settings\Shona\Application Data\Audacity
2009-05-10 10:33 . 2009-05-10 10:33 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-05-07 15:32 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-05-03 20:06 . 2009-07-11 17:33 -------- d-----w- c:\documents and settings\Shona\Application Data\Canon
2009-04-30 14:45 . 2009-04-30 14:48 -------- d-----w- c:\windows\system32\Adobe
2009-04-24 18:07 . 2009-04-24 18:07 -------- d-----w- c:\documents and settings\Shona\Local Settings\Application Data\CANON_INC
2009-04-24 18:02 . 2009-10-01 07:09 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\CANON_INC
2009-04-17 09:48 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-17 09:48 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-17 09:48 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-17 09:48 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-17 09:48 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 09:48 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 09:48 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 09:48 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-04-17 09:48 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-04-17 09:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-04-17 09:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:51 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-10 12:17 . 2009-06-08 20:28 -------- d-----w- c:\documents and settings\Shona\Application Data\U3
2009-04-09 10:22 . 2009-04-09 10:22 -------- d-----w- c:\windows\system32\KB905474
2009-04-07 17:16 . 2009-04-07 17:16 -------- d-----w- c:\documents and settings\Shona\Application Data\PlayFirst
2009-04-07 16:31 . 2003-03-24 08:00 68096 -c--a-w- c:\windows\system32\dllcache\dpnhupnp.dll
2009-04-07 16:22 . 2009-06-22 21:02 -------- d-----w- c:\program files\Pariah Singleplayer Demo
2009-04-04 11:21 . 2010-06-14 08:16 -------- d-----w- C:\$AVG8.VAULT$
2009-04-03 18:59 . 2009-04-03 18:59 -------- d-----w- c:\program files\IVT Corporation
2009-04-02 19:08 . 2009-04-28 16:05 -------- d-----w- c:\documents and settings\Jane\Application Data\FrostWire
2009-04-02 19:05 . 2009-04-02 19:05 -------- d-----w- c:\program files\AskBarDis
2009-03-31 13:24 . 2009-08-21 08:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-03-31 13:24 . 2009-08-21 08:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-03-31 13:24 . 2009-05-13 11:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-03-31 13:24 . 2001-12-31 23:19 -------- d-----w- c:\windows\system32\drivers\Avg
2009-03-31 13:24 . 2009-12-04 09:13 -------- d-----w- c:\program files\AVG
2009-03-31 13:24 . 2009-12-04 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-03-31 12:34 . 2009-03-31 12:34 -------- d-----w- C:\Idapi32
2009-03-31 12:34 . 2009-03-31 12:34 -------- d-----w- C:\WinPers
2009-03-22 20:10 . 2009-03-23 19:36 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\CANON_INC
2009-03-22 09:33 . 2009-04-03 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:31 . 2009-05-25 11:28 -------- d-----w- c:\documents and settings\Jane\Application Data\Spotify
2009-03-19 16:31 . 2009-05-25 11:23 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\Spotify
2009-03-19 16:31 . 2009-03-19 16:31 -------- d-----w- c:\program files\Spotify
2009-03-17 16:13 . 2009-03-17 16:13 -------- d-----w- c:\documents and settings\Jane\Application Data\EleFun Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 10:32 . 2003-05-01 20:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-18 16:43 . 2008-12-06 16:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-18 08:23 . 2008-12-06 15:59 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-13 14:01 . 2004-08-04 12:00 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 06:59 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:28 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-01 06:43 . 2003-05-01 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-01 06:43 . 2003-05-01 20:22 -------- d-----w- c:\program files\Pinnacle
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 13:21 . 2004-08-04 12:00 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 12:16 . 2009-08-07 12:16 -------- d-----w- c:\program files\MSBuild
2009-08-07 12:16 . 2009-08-07 12:16 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 18:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 10:05 . 2008-07-21 23:27 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-31 04:35 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2004-08-04 12:00 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 22:02 . 2004-08-04 12:00 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w- c:\windows\system32\sc.exe
2009-01-04 20:01 . 2009-01-04 20:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-04 20:01 . 2009-01-04 20:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-01 20:12 . 2009-01-01 20:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-01 20:12 . 2009-01-01 20:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-16 21:38 . 2008-12-16 21:38 85302 ----a-w- c:\windows\system32\drivers\LVFeL002.cfg
2008-12-16 21:38 . 2008-12-16 21:38 69592 ----a-w- c:\windows\system32\drivers\LVFaL000.cfg
2008-12-16 21:38 . 2008-12-16 21:38 227172 ----a-w- c:\windows\system32\drivers\LVFeL000.cfg
2008-12-16 21:38 . 2008-12-16 21:38 146680 ----a-w- c:\windows\system32\drivers\LVFeL001.cfg
2008-10-27 10:04 . 2009-03-12 17:09 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 . 2009-03-12 17:09 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 . 2009-03-12 17:09 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 . 2009-03-12 17:09 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 12:36 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-10-10 04:52 . 2009-03-12 17:09 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2008-10-10 04:52 . 2009-03-12 17:09 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 . 2009-03-12 17:09 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2008-08-14 10:04 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-08-02 18:29 . 2003-05-01 20:00 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2008-07-30 06:20 . 2009-03-12 17:09 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2008-07-30 06:20 . 2009-03-12 17:09 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2008-07-30 06:20 . 2009-03-12 17:09 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2008-07-16 11:03 . 2003-05-01 20:38 -------- d-----w- c:\program files\PCI Audio Applications
2008-07-10 11:01 . 2009-03-12 17:09 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2008-07-10 11:00 . 2009-03-12 17:09 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2008-07-10 11:00 . 2009-03-12 17:09 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2008-07-07 20:26 . 2004-08-04 12:00 253952 ----a-w- c:\windows\system32\es.dll
2008-07-06 12:06 . 2009-08-07 12:14 117760 ------w- c:\windows\system32\prntvpt.dll
2008-07-06 12:06 . 2009-08-07 12:14 575488 ------w- c:\windows\system32\xpsshhdr.dll
2008-07-06 12:06 . 2009-08-07 12:14 1676288 ------w- c:\windows\system32\xpssvcs.dll
2008-06-24 16:43 . 2004-08-04 12:00 74240 ----a-w- c:\windows\system32\mscms.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 21:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GMX_GMX File Storage Manager"="c:\program files\GMX\GMX File Storage Manager\DAVSRV.EXE" [2008-07-29 942080]
"ILO_Office_Manager"="IntEdReg.exe" [2002-10-15 53760]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 08:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2001-10-22 17:24 1216512 ----a-r- c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ILO_Office_Manager]
2002-10-15 00:30 53760 ----a-w- c:\windows\system32\intedreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-05-02 14:19 4640768 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-05-02 14:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-05-02 14:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-15 12:21 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:limewire
"6346:UDP"= 6346:UDP:Frostwire

R0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [20/12/2001 18:49 70528]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/03/2009 13:24 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/03/2009 13:24 108552]
R1 uigcrdr;uigcrdr;c:\windows\system32\drivers\uigcrdr.SYS [17/01/2009 11:01 149248]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/03/2009 13:24 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/03/2009 13:24 297752]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27/12/2007 14:39 51816]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [01/05/2003 20:22 6369]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 19:48 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [24/06/2007 14:52 13532]
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2002-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-30 06:57]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 19:48]

2002-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-05-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2002-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-05-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{1D9EB272-00C4-4F1F-A8E2-8C2A739B0956}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{2A220EF1-366B-4CD1-B394-061FCE905A9B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-04-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 21:18]

2007-06-30 c:\windows\Tasks\Windows Movie Maker.job
- c:\progra~1\MOVIEM~1\moviemk.exe [2004-05-26 15:28]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.fenlea.co.uk/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "Search the Web");.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\David\Application Data\SystemProc\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-01 03:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\David\Application Data\SystemProc\lsass.exe???????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7560)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\GMX\GMX File Storage Manager\ExplorerHook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\uigcnp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\logon.scr
.
**************************************************************************
.
Completion time: 2002-01-01 03:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2002-01-01 03:39
ComboFix2.txt 2010-06-20 15:26

Pre-Run: 15,657,218,048 bytes free
Post-Run: 15,616,622,592 bytes free

- - End Of File - - E4CC3C48AB69CBE17CDE98D496091CD7


How clean is this now?

#20
Desperate

    New Member

  • Members
  • Pip
  • 25 posts
Arg! So high so low. :P I just went to open a genealogy program and got the error message "FTW.exe This application has failed to start because FtwWrp32.dll was not found. Reinstalling the application may fix this problem". Is this symptomatic of a continued infection or is this another damaged/renamed dll file?




