Jump to content


Photo
- - - - -

malwarebytes and avira freeze during scan


  • This topic is locked This topic is locked
26 replies to this topic

#1 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 14 October 2009 - 12:49 PM

Hi, yesterday after my computer came out of hibernation I got a message ona blue screen that windows has encountered a problem and needs to close.

I scanned with malwarebytes a few times and it scanned for around 5 minutes until it came to a file "windows:\ dtcinstall" then it frooze. after a few minutes igot the blue screen again with the same message.

the same thing happens with avira.

i have no problem with updating either.

when i try to shutdown the computer it hangs on "windows is shutting down"

i dont have any pop-ups or re-directs. BUT it seems something is wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:37, on 14/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Boylesports i-bar - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\PROGRA~1\BOYLES~2\BOYLES~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Boylesports i-bar - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\PROGRA~1\BOYLES~2\BOYLES~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O5 "LPT1:" /M "Stylus COLOR 580"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f.../fslauncher.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6796.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by135fd.bay13...ex/HMAtchmt.ocx
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9bdb2175ddae8) (gupdate1c9bdb2175ddae8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11062 bytes




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/14 18:40
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA194000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B13000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA951E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\user\local settings\temp\~df614a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\user\local settings\temp\~df6331.tmp
Status: Allocation size mismatch (API: 65536, Raw: 16384)

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a0e60

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a15c0

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29f610

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae0d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7bce746

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29f2c0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c580

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c960

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c060

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7bce73c

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e5a0

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2aeb50

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7bce74b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7bce755

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29efe0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae070

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae0a0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a05d0

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7bce75a

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae760

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2acc20

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7bce728

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29c300

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7bce72d

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a1250

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a0a10

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae010

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2ae040

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a1740

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7bce764

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a0180

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7bce75f

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29ec90

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2adff0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29f9d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e3c0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2aee10

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e720

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7bce750

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a04d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29ee40

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29eac0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e900

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7bce737

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29e1a0

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a07f0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2a1400

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a8b0

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29abe0

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297d50

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2997d0

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299350

#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a1c0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298770

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299a80

#: 401 Function Name: NtUserGetDC
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a590

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298640

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298510

#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a720

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2988a0

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299da0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa298ca0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299000

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297bf0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2995a0

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299940

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299bd0

#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa29a090

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297740

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa297360

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa2979a0

#: 555 Function Name: NtUserShowWindow
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xaa299fc0

==EOF==

#2 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 20 October 2009 - 04:08 PM

I'm bumping because I think I've been forgotten.

Anyway updates : I still dont have any pop-ups or re-directs or any obvious signs of Malware.

In my previous post I said that it was Dctinstall.log that was the problem but i'm nearly certain now after running several online scans that the problem is "dump5bbc" I found it in my Windows folder. It looks as if it a Word document but i have my doubts. Any scan I run, when it gets to this file freezes the whole computer withe the message "a problem has been detected and windows has been shutdown to prevent damage to your computer"

The strange thing is that when I go into the Windows folder and touch (not click) that file with the mouse the same freezing accours.

I hope somebody could help me and i do appreciate that you are very busy people. THANKS K

#3 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 21 October 2009 - 08:44 AM

I have just found out that my fathers credit card was used in london and australia by a fraudster. He cancelled his card and all is ok but I cant help but wonder if it has something to do with this. Please someone have a look.

#4 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 23 October 2009 - 02:42 AM

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\iaStor.sys
    %systemroot%\System32\drivers\nvstor.sys
    %systemroot%\system32\drivers\atapi.sys
    %systemroot%\system32\drivers\IdeChnDr.sys

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#5 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 23 October 2009 - 07:30 AM

Thank you very much for helping chamber.

update. I managed to delete the file DUMP5BBC.TMP while in safe mode. This meant that i could complete all scan and they were clear.

Only one report came from OTL.


OTL logfile created on: 23/10/2009 13:24:38 - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 358.38 Mb Available Physical Memory | 47.19% Memory free
1.81 Gb Paging File | 1.36 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.73 Gb Total Space | 8.97 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF9MSC2J
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9bdb2175ddae8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Running]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MDM [Auto | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rootrepeal [Unknown | Stopped]) -- Service key not found. File not found
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Tall Emu\Online Armor\OAwatch.dll (Tall Emu)
MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\WINSTA.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/29 18:59:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 17:35:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/06 14:08:49 | 00,000,000 | ---D | M]

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\tiicj0w9.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...772/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by135fd.bay13...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/15 17:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/15 15:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/10/15 15:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/10/23 13:14:38 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/23 01:35:13 | 00,000,000 | --SD | C] -- C:\Combo-fix
[2009/10/23 01:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/15 17:21:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/15 17:21:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/15 17:20:26 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe
[2009/10/15 14:49:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe
[2009/10/07 17:41:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/23 22:28:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/06/29 19:44:07 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2009/10/23 13:14:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/23 13:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 12:59:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/23 10:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/10/23 10:28:13 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job
[2009/10/23 01:34:18 | 00,013,692 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix
[2009/10/23 01:32:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/23 01:28:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/22 19:46:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/22 19:45:20 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/22 19:45:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/22 19:45:11 | 79,632,7936 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/15 17:21:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 17:20:26 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe
[2009/10/15 16:13:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/10/15 15:41:32 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/15 15:39:22 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/10/15 14:49:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe
[2009/10/14 22:24:29 | 00,496,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 22:24:29 | 00,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 22:24:29 | 00,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 22:19:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 20:56:32 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2009/10/14 18:50:16 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 01:02:33 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/07 14:33:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/05 17:47:24 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/10/02 19:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/28 22:35:44 | 00,063,281 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf

========== Files - No Company Name ==========
[2009/10/23 01:34:18 | 00,013,692 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix
[2009/10/22 18:45:49 | 79,632,7936 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/15 17:21:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 15:36:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/10/14 20:56:31 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2009/10/14 18:50:16 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/28 22:35:44 | 00,063,281 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf
[2009/09/08 11:36:10 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2009/07/11 02:03:20 | 04,846,002 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/07/04 10:47:28 | 00,001,198 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/07/04 10:45:08 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/05/05 18:24:12 | 00,001,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/12/14 02:20:03 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
[2006/11/03 15:15:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/29 13:14:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/24 21:33:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/08/22 10:37:55 | 00,005,129 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/22 10:37:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/21 20:18:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/21 18:27:30 | 00,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/21 17:52:36 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dvd.bmk
[2006/07/21 11:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/21 11:29:28 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2006/07/21 11:26:24 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/07/21 11:03:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2006/07/18 22:22:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/18 22:15:28 | 00,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/18 22:08:56 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/18 22:03:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/18 21:41:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/07/18 21:41:14 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/07/18 21:40:36 | 00,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/15 16:14:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/03 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 15:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/04 01:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/06/30 22:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2009/09/14 15:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007/08/23 17:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/12/07 14:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/12/31 12:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/10/14 00:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2007/08/23 17:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/07/01 19:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/15 11:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/10/15 16:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data
[2006/09/12 14:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2009/09/14 15:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boylesports5
[2009/04/03 20:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/07/21 21:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM
[2007/06/03 10:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express
[2006/07/27 21:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/08/14 00:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Microgaming
[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSN Search Toolbar
[2008/12/31 12:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MyHeritage
[2009/09/09 21:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OnlineArmor
[2007/09/05 12:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2006/11/30 21:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Preclick
[2007/08/23 17:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ROUTE 66 Sync
[2009/07/29 14:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2009/02/03 22:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Complete Genealogy Reporter - FTB
[2008/11/15 23:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/10/23 12:59:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/23 10:28:13 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/22 19:45:20 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 13:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 10:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job
[2009/10/23 01:32:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/04/14 23:05:02 | 00,009,952 | ---- | M] () -- C:\regxpcom.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< %systemroot%\system32\drivers\IdeChnDr.sys >
< End of report >

#6 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 23 October 2009 - 07:43 AM

This is why OTL only produced one log.

OTL logfile created on: 23/10/2009 13:24:38 - Run 3


Have you run it before?

You have ComboFix before? I see it in your logs. If you have run it please post the log that it produced.

1) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    [2006/04/14 23:05:02 | 00,009,952 | ---- | M] () -- C:\regxpcom.exe
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\OldTimer Tools\OTL]
    "RunQty"="0"
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) GMER

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

In your reply I would like to see copied and pasted,

1) OTL logs
2) GMER log
3) Any other logs you have from tools that have been run

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#7 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 23 October 2009 - 09:07 AM

Hi, ya I ran combofix last night because i was freaking out a little.

here are the logs.

OTL Extras logfile created on: 23/10/2009 14:57:05 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 285.78 Mb Available Physical Memory | 37.63% Memory free
1.81 Gb Paging File | 1.27 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.73 Gb Total Space | 8.97 Gb Free Space | 36.28% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF9MSC2J
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{12BE3579-A34B-47BD-A65C-82B1754E71E1}" = D4100
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC5A3749-4535-4EAD-842A-DDE976CC6B38}" = PS7900
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}" = Preclick PhotoBack Plug-in for HP
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Boylesports5" = Boylesports i-bar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Eye Candy 4000" = Eye Candy 4000
"Family Tree Builder" = MyHeritage Family Tree Builder
"getPlus®_ocx" = getPlus®_ocx
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 3.5
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Leaders" = World Leaders
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/10/2009 23:03:58 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 13/10/2009 23:05:30 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 13/10/2009 23:06:11 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 13/10/2009 23:07:12 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 13/10/2009 23:16:08 | Computer Name = DF9MSC2J | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 16/10/2009 04:02:06 | Computer Name = DF9MSC2J | Source = Google Update | ID = 20
Description =

Error - 16/10/2009 05:02:05 | Computer Name = DF9MSC2J | Source = Google Update | ID = 20
Description =

Error - 16/10/2009 09:52:29 | Computer Name = DF9MSC2J | Source = Application Hang | ID = 1002
Description = Hanging application RootRepeal.exe, version 1.3.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/10/2009 09:52:49 | Computer Name = DF9MSC2J | Source = Application Hang | ID = 1002
Description = Hanging application RootRepeal.exe, version 1.3.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/10/2009 07:57:20 | Computer Name = DF9MSC2J | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 23/10/2009 07:19:51 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 08:03:53 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 08:25:58 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 08:39:46 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 08:46:28 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 08:52:58 | Computer Name = DF9MSC2J | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%5

Error - 23/10/2009 08:56:14 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 09:55:51 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 09:56:00 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 23/10/2009 09:56:15 | Computer Name = DF9MSC2J | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%5" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding


< End of report >


OTL logfile created on: 23/10/2009 14:57:05 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 285.78 Mb Available Physical Memory | 37.63% Memory free
1.81 Gb Paging File | 1.27 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.73 Gb Total Space | 8.97 Gb Free Space | 36.28% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF9MSC2J
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NetWaiting\netWaiting.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9bdb2175ddae8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Tall Emu\Online Armor\OAwatch.dll (Tall Emu)
MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\WINSTA.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/29 18:59:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 17:35:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/06 14:08:49 | 00,000,000 | ---D | M]

[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 16:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\tiicj0w9.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...772/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by135fd.bay13...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/15 17:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/15 15:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/10/15 15:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/10/23 13:14:38 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/23 01:35:13 | 00,000,000 | --SD | C] -- C:\Combo-fix
[2009/10/23 01:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/15 17:21:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/15 17:21:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/15 17:20:26 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe
[2009/10/15 14:49:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe
[2009/06/29 19:44:07 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/10/23 14:59:03 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/23 14:29:01 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/10/23 14:02:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 13:53:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/23 13:53:03 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/23 13:52:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 13:52:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/23 13:52:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/23 13:52:37 | 79,632,7936 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/23 13:14:42 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job
[2009/10/23 01:34:18 | 00,013,692 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix
[2009/10/23 01:28:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/15 17:21:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 17:20:26 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbsu.exe
[2009/10/15 16:13:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/10/15 15:41:32 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/15 15:39:22 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/10/15 14:49:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe
[2009/10/14 22:24:29 | 00,496,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 22:24:29 | 00,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 22:24:29 | 00,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 22:19:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 20:56:32 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2009/10/14 18:50:16 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 01:02:33 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files - No Company Name ==========
[2009/10/23 01:34:18 | 00,013,692 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix
[2009/10/22 18:45:49 | 79,632,7936 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/15 17:21:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 15:36:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/10/14 20:56:31 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2009/10/14 18:50:16 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/08 11:36:10 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2009/07/11 02:03:20 | 04,846,002 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/07/04 10:47:28 | 00,001,198 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/07/04 10:45:08 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/05/05 18:24:12 | 00,001,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/12/14 02:20:03 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
[2006/11/03 15:15:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/29 13:14:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/24 21:33:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/08/22 10:37:55 | 00,005,129 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/22 10:37:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/21 20:18:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/21 18:27:30 | 00,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/21 17:52:36 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dvd.bmk
[2006/07/21 11:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/21 11:29:28 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2006/07/21 11:26:24 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/07/21 11:03:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2006/07/18 22:22:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/18 22:15:28 | 00,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/18 22:08:56 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/18 22:03:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/18 21:41:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/07/18 21:41:14 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/07/18 21:40:36 | 00,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 12:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/15 16:14:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/03 20:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 15:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/04 01:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/06/30 22:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2009/09/14 15:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007/08/23 17:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/12/07 14:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/12/31 12:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/10/14 00:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2007/08/23 17:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2004/08/10 13:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/07/01 19:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/15 11:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/10/15 16:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data
[2006/09/12 14:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2009/09/14 15:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boylesports5
[2009/04/03 20:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/07/21 21:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM
[2007/06/03 10:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express
[2006/07/27 21:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/08/14 00:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Microgaming
[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSN Search Toolbar
[2008/12/31 12:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MyHeritage
[2009/09/09 21:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OnlineArmor
[2007/09/05 12:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2009/06/29 19:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2006/11/30 21:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Preclick
[2007/08/23 17:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ROUTE 66 Sync
[2009/07/29 14:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2009/02/03 22:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Complete Genealogy Reporter - FTB
[2008/11/15 23:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2007/08/15 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/10/21 10:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/10/23 14:59:03 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/23 13:53:03 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/23 13:52:46 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/23 14:02:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/23 14:29:01 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job
[2009/10/23 13:52:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/23 10:11:01 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

========== Purity Check ==========


< End of report >

#8 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 23 October 2009 - 09:09 AM

ComboFix 09-10-21.02 - User 23/10/2009 1:18.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.370 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\Combo-fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-21 18:12 . 2009-10-21 18:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-15 16:21 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 16:21 . 2009-10-15 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 16:21 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 14:40 . 2009-10-15 14:40 -------- d-----w- c:\program files\MSSOAP
2009-10-15 14:37 . 2009-10-15 14:37 -------- d-----w- c:\program files\Webroot
2009-10-15 14:36 . 2009-10-15 14:39 164 ----a-w- c:\windows\install.dat
2009-10-14 18:04 . 2009-10-14 18:12 -------- d-----w- c:\documents and settings\User\DoctorWeb
2009-10-14 03:21 . 2009-10-14 03:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-14 01:46 . 2009-10-14 01:46 30824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 16:21 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-10-15 16:21 . 2009-03-31 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 17:50 . 2006-07-21 10:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 23:44 . 2009-09-14 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-10-05 17:05 . 2009-07-20 15:34 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-21 16:02 . 2009-09-14 14:04 -------- d-----w- c:\program files\Common Files\PCSuite
2009-09-14 14:05 . 2009-09-14 14:05 -------- d-----w- c:\documents and settings\User\Application Data\Boylesports5
2009-09-14 14:05 . 2009-09-14 14:04 -------- d-----w- c:\program files\Boylesports5
2009-09-14 14:02 . 2008-07-21 12:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 14:01 . 2009-09-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8(2)
2009-09-14 14:00 . 2009-09-14 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-14 13:59 . 2009-09-07 17:24 -------- d-----w- c:\program files\ERUNT
2009-09-11 14:18 . 2004-08-10 11:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 20:09 . 2009-09-09 20:09 -------- d-----w- c:\documents and settings\User\Application Data\OnlineArmor
2009-09-09 20:08 . 2009-09-09 20:08 -------- d-----w- c:\program files\Tall Emu
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Avira
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-08 10:35 . 2009-05-06 13:08 -------- d-----w- c:\program files\Java
2009-09-05 00:08 . 2009-09-05 00:07 -------- d-----w- c:\documents and settings\User\Application Data\HpUpdate
2009-09-05 00:08 . 2006-07-21 17:27 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-05 00:07 . 2006-07-21 17:28 -------- d-----w- c:\program files\HP
2009-09-04 21:03 . 2004-08-10 11:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 18:03 . 2009-09-02 18:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-02 12:40 . 2006-07-18 21:02 -------- d-----w- c:\program files\Dell
2009-08-29 08:08 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 20:56 . 2009-08-27 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-27 20:55 . 2006-07-18 21:16 -------- d-----w- c:\program files\Google
2009-08-26 08:00 . 2004-08-10 11:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 14:09 . 2009-08-20 14:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 18:24 . 2004-08-10 12:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2004-08-10 12:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2004-08-10 12:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2004-08-10 12:02 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-10 11:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2004-08-10 12:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2007-08-16 07:25 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2007-08-16 07:25 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2004-08-10 12:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:44 . 2004-08-10 11:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 21:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 14:23 . 2008-12-18 00:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-28 15:33 . 2009-09-08 11:14 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-29 18:43 . 2009-06-29 18:44 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-E49A-20FD87FD6E8C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
"EPSON Stylus COLOR 580"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE" [2001-09-13 220672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-07-11 336584]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [09/09/2009 21:08 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [09/09/2009 21:08 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [09/09/2009 21:08 29776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/09/2009 12:14 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [09/09/2009 21:08 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [09/09/2009 21:08 3142344]
S2 gupdate1c9bdb2175ddae8;Google Update Service (gupdate1c9bdb2175ddae8);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 11:08 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-10-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-19 20:53]

2009-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 10:08]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 10:08]

2009-10-22 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2006-07-21 04:55]

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
IE: {{F313D2F6-B79E-4654-BC77-D14C93FC8947} - c:\program files\boylesportspokercomMPP\MPPoker.exe
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 01:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-23 1:32
ComboFix-quarantined-files.txt 2009-10-23 00:32

Pre-Run: 8,095,682,560 bytes free
Post-Run: 8,083,742,720 bytes free

- - End Of File - - 379C97659A528063DD449E25ECC7965A




GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-23 14:55:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\fxldapod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xAA2A0E60]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xAA2A15C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xAA29F610]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xAA2AE0D0]
SSDT F7C5F96E ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xAA29F2C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xAA29C580]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xAA29C960]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xAA29C060]
SSDT F7C5F964 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xAA29E5A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xAA2AEB50]
SSDT F7C5F973 ZwDeleteKey
SSDT F7C5F97D ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xAA29EFE0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateKey [0xAA2AE070]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateValueKey [0xAA2AE0A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xAA2A05D0]
SSDT F7C5F982 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xAA2AE760]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenKey [0xAA2ACC20]
SSDT F7C5F950 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xAA29C300]
SSDT F7C5F955 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xAA2A1250]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xAA2A0A10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryKey [0xAA2AE010]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryValueKey [0xAA2AE040]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xAA2A1740]
SSDT F7C5F98C ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xAA2A0180]
SSDT F7C5F987 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xAA29EC90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xAA2ADFF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xAA29F9D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xAA29E3C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetInformationFile [0xAA2AEE10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xAA29E720]
SSDT F7C5F978 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xAA2A04D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xAA29EE40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xAA29EAC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xAA29E900]
SSDT F7C5F95F ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xAA29E1A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xAA2A07F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xAA2A1400]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [C0, F2, 29, AA, 80, C5, 29, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [40, EE, 29, AA, C0, EA, 29, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[180] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hkcmd.exe[180] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[184] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E
.text C:\WINDOWS\system32\wuauclt.exe[260] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[352] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\csrss.exe[388] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text ...
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[580] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[640] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[784] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[832] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001
.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\stsystra.exe[920] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\stsystra.exe[920] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\stsystra.exe[920] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\stsystra.exe[920] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[940] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1056] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01CC0001
.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1136] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1176] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1208] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1320] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\bcmwltry.exe[1332] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1340] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1372] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1372] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E
.text C:\WINDOWS\system32\spoolsv.exe[1540] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe[1612] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1660] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1824] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[1948] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Java\jre6\bin\jqs.exe[2000] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\WLTRAY.exe[2124] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WLTRAY.exe[2124] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[2124] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\WLTRAY.exe[2124] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\WLTRAY.exe[2124] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2276] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[2276] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[2356] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2476] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A
.text C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.812\gmer.exe[2596] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hphmon05.exe[2752] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hphmon05.exe[2752] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hphmon05.exe[2752] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\hphmon05.exe[2752] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 010DE8D9 C:\Program Files\Windows Desktop Search\mssrch.dll (Microsoft Embedded Search/Microsoft Corporation)
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[2888] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[2928] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E50001
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3204] iphlpapi.dll!IcmpSendEcho2 76D6B73C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01500001
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0B001E
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[3404] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F05001E
.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D30001
.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\NetWaiting\netWaiting.exe[3816] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\NetWaiting\netWaiting.exe[3816] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3972] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F763A300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F763A360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F763A610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F763A650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F763A610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F763A360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F763A300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F763A610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F763A650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F763A300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F763A360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A8C47D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device InCDfs.SYS (InCD File System Driver/Nero AG)

---- EOF - GMER 1.0.15 ----

#9 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 23 October 2009 - 09:23 AM

Not seeing much in there.

Download this to your C:\ drive and run it,

mbr.exe and post the log that it produces.

Then,

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#10 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 23 October 2009 - 09:54 AM

I reckon everything is fine. The problem was definately "DUMP5BBC.TMP" I have no idea what it was or where it came from. No scanner (even combofix) could scan it. Thanks for your help, ye do great work.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


The MBAM scan was clear.

The only thing that avira found was "eicar test file" not a virus it said.

#11 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 24 October 2009 - 05:17 AM

Lets get an online scan going to be sure.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#12 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 24 October 2009 - 07:31 AM

Thanks Chamber. I will be away until monday so i'll report back then.

#13 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 25 October 2009 - 04:57 AM

No problems. :blink:

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#14 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 28 October 2009 - 10:59 AM

Sorry for not getting back sooner. I did as you asked and everything went good. After i deleted the "dump5bbc.tmp" file last week everything was fine until this morning. When i scanned with malwarebytes the scan frooze again. I searched back in my windows folder and found "dump5f27.tmp" . So i think it has respawned. I again deleted this file in safemode and tried to scan again but frooze again. I noticed that when i look at "my computer" some folder are after getting lighter in appearence. Not sure if this has anything to do with the problem but i'll post a screenshot for you to look at.

Attached Files



#15 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 28 October 2009 - 11:08 AM

No thats fine.

Can you give me the exact location of that file?


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#16 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 28 October 2009 - 11:39 AM

It was sitting in the Windows folder alongside all those kb****** flles and it had looked like a MSWORD FILE.


OTL logfile created on: 28/10/2009 16:26:02 - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.37 Mb Total Physical Memory | 388.73 Mb Available Physical Memory | 51.19% Memory free
1.81 Gb Paging File | 1.37 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.73 Gb Total Space | 8.59 Gb Free Space | 34.72% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 9.24 Gb Free Space | 99.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF9MSC2J
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NetWaiting\netWaiting.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9bdb2175ddae8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Tall Emu\Online Armor\OAwatch.dll (Tall Emu)
MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\WINSTA.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/29 17:59:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/03 16:35:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/06 13:08:49 | 00,000,000 | ---D | M]

[2009/04/01 15:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2009/04/01 15:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 15:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\tiicj0w9.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Boylesports i-bar) - {A057A204-BACC-4D26-E49A-20FD87FD6E8C} - C:\Program Files\Boylesports5\Boylesports5.dll (Boylesports )
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...772/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by135fd.bay13...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/24 22:11:16 | 00,000,000 | ---D | C] -- C:\Program Files\Family Toolbar
[2009/10/15 16:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/15 14:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/10/15 14:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/10/28 16:25:08 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/23 00:35:13 | 00,000,000 | --SD | C] -- C:\Combo-fix
[2009/10/23 00:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/15 16:21:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/15 16:21:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/15 13:49:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe
[2009/10/07 16:41:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/29 18:44:07 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2009/10/28 16:25:14 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/10/28 16:22:55 | 00,001,198 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2009/10/28 16:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/28 15:59:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/10/28 15:38:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/28 15:38:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/28 15:38:22 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/28 15:38:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/28 15:38:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/28 15:38:06 | 79,632,7936 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 15:34:56 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job
[2009/10/28 13:18:18 | 00,436,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/28 13:18:18 | 00,069,902 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/28 13:18:16 | 00,515,896 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/27 22:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/10/25 23:00:11 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/24 22:11:54 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MyHeritage Family Tree Builder.lnk
[2009/10/23 14:42:06 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2009/10/23 00:28:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/21 09:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/15 16:21:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 15:13:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/10/15 14:41:32 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/15 14:39:22 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/10/15 13:49:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\My Documents\ADVANCEDSETUP.exe
[2009/10/14 21:19:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 17:50:16 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 00:02:33 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/07 13:33:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/05 16:47:24 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/10/02 18:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/28 21:35:44 | 00,063,281 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf

========== Files - No Company Name ==========
[2009/10/28 14:46:31 | 79,632,7936 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/24 12:23:25 | 01,033,523 | ---- | C] () -- C:\Documents and Settings\User\My Documents\canada 06 026.jpg
[2009/10/23 14:42:06 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2009/10/15 16:21:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 14:36:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/10/14 17:50:16 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/28 21:35:44 | 00,063,281 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ORK25G4UW28E.pdf
[2009/09/08 10:36:10 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2009/07/11 01:03:20 | 04,846,002 | -H-- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/07/04 09:47:28 | 00,001,198 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/07/04 09:45:08 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/05/05 17:24:12 | 00,001,528 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/12/14 01:20:03 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
[2006/11/03 14:15:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/29 12:14:22 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/24 20:33:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/08/22 09:37:55 | 00,005,129 | ---- | C] () -- C:\Documents and Settings\User\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/22 09:37:55 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/21 19:18:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/21 17:27:30 | 00,002,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/21 16:52:36 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dvd.bmk
[2006/07/21 10:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/21 10:29:28 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2006/07/21 10:26:24 | 00,030,824 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/07/21 10:03:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User\Application Data\desktop.ini
[2006/07/18 21:22:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/18 21:15:28 | 00,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/18 21:08:56 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/18 21:03:54 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/18 20:41:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/07/18 20:41:14 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/07/18 20:40:36 | 00,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 11:51:28 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 11:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/15 15:14:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/03 19:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 14:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/09/04 00:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/06/30 21:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2009/09/14 14:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007/08/23 16:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/12/07 13:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/12/31 11:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/10/13 23:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2007/08/23 16:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/06/29 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2004/08/10 12:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/07/01 18:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/15 10:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/10/15 15:14:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data
[2006/09/12 13:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ahead
[2009/09/14 14:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Boylesports5
[2009/04/03 19:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/07/21 20:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FUJIFILM
[2007/06/03 09:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Image Zone Express
[2006/07/27 20:49:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008/08/13 23:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Microgaming
[2007/08/15 10:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSN Search Toolbar
[2008/12/31 11:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MyHeritage
[2009/09/09 20:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OnlineArmor
[2007/09/05 11:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2009/06/29 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2006/11/30 20:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Preclick
[2007/08/23 16:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ROUTE 66 Sync
[2009/07/29 13:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2009/02/03 21:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Complete Genealogy Reporter - FTB
[2008/11/15 22:54:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2007/08/15 10:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/10/21 09:03:19 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/10/28 15:59:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/28 15:38:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/28 15:38:22 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/28 16:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/27 22:29:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job
[2009/10/28 15:38:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/28 15:34:56 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B431114-1E73-48F9-8BC1-A0855475F980}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/23 14:42:06 | 00,077,312 | ---- | M] () -- C:\mbr.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\eventlog.dll
[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]
[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\scecli.dll
[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]
[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\netlogon.dll
[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]
[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\atapi.sys
[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\i386\AGP440.SYS
[1 C:\Documents and Settings\User\Desktop\i386\*.tmp files]
[agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

#17 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 28 October 2009 - 11:59 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    dump5f27.tmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#18 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 28 October 2009 - 12:05 PM

It did'nt find it.
I was browsing some files there now and I tried to open the system volume information file and it sais access is denied. Maybe nothing.

#19 chamber

chamber

    True Member

  • Experts
  • PipPipPipPip
  • 274 posts
  • Gender:Male

Posted 28 October 2009 - 12:12 PM

Can you do the online scan for me then?

It was back a few posts. I think maybe from Saturday.

Posted Image

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware. Posted Image

#20 kpgumbo

kpgumbo

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 177 posts
  • Gender:Male

Posted 28 October 2009 - 12:16 PM

I will do that . I have an idea that will freeze too. The last 2 scans i did with MBAM stopped at c:\updatefix.log and c:\pagefile.sys. So i think the problem is close to that. I will be back with the scan results asap. thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users