Desperate

Desktop infected? themed32.dll missing

43 posts in this topic

Hi,

I hope someone out there can help with this.

My desktop, running Windows XP, is failing to run numerous applications. An error message "xxx.exe unable to locate component & The application has failed to start because themed32.dll was not found .... " keeps on appearing. Some will run despite this, but userinit.exe won't, so my desktop only shows the wallpaper. This happened yesterday at about the same time as several other threads were started by people with the same problem.

Any help would be much appreciated.

Desperate


  • Download OTL.EXE to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section paste in the following:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

=========================================

Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with GMER's driver.
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" tab.
  • On the right-hand side, check all the items to be scanned, but leave "Show All" unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.
  • Open a command prompt (Start | Run | type cmd and hit Enter), then type or paste the following to unload the GMER driver and hit Enter:

net stop gmer

  • Exit the command prompt.
  • Re-enable all active protection.
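Once OTL.txt comes back, the first pass a helper makes over it is the autostart lines (O4 Run/RunOnce/Startup entries and the O6 policy Run key): what starts at logon, from which directory, and whether Windows could read a publisher out of the file. The script below is an added example written for this page, not OTL's own code or the helper's; it reads a handful of lines constructed in the line formats OTL uses in this thread (`O4 - HKLM..\Run: [Name] path (Publisher)`, `O4 - Startup: shortcut = path (Publisher)` and `O6 - ...\policies\Explorer\Run: Name = path (Publisher)`) and reports the entries a helper would ask about. The three rules it applies, the list of Windows process names and the directories they are expected to live in on an XP system with %SystemRoot% = C:\WINDOWS are the editor's assumptions; a flag is a reason to look closer, not a removal decision.

```python
import ntpath
import re

# Constructed sample input in OTL's autostart-line format (not a log from this thread).
# Plausible benign entries are mixed with two that have the shape a helper would query.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)",
    r"O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)",
    r"O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)",
    r"O4 - HKCU..\Run: [iLO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()",
]

# Line shapes seen in OTL output; the trailing "(...)" is the publisher OTL read from
# the file's version information, and "()" means it found none.
LINE_PATTERNS = [
    # O4 - HKLM..\Run: [Name] C:\path\file.exe (Publisher)
    re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<pub>[^)]*)\)$"),
    # O4 - Startup: C:\...\Shortcut.lnk = C:\path\file.exe (Publisher)
    # O6 - HKLM\...\policies\Explorer\Run: Name = C:\path\file.exe (Publisher)
    re.compile(r"^O[46] - (?P<key>.+?): (?P<name>.+?) = (?P<path>.+?) \((?P<pub>[^)]*)\)$"),
]

# Assumed (editor's list): where the genuine copies of these Windows processes live on
# an XP system with %SystemRoot% = C:\WINDOWS. The same file name anywhere else is a
# classic masquerade and worth a question.
SYSTEM_PROCESS_HOMES = {
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Assumed: directory fragments a normal user can write to without any elevation.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def parse_autostart(line):
    """Return the key/name/path/publisher fields of an OTL autostart line, or None."""
    for pattern in LINE_PATTERNS:
        match = pattern.match(line)
        if match:
            return match.groupdict()
    return None


def reasons_for(entry):
    """Apply the three heuristics to one parsed entry; an empty list means nothing odd."""
    reasons = []
    low = entry["path"].lower()
    if not entry["pub"].strip():
        reasons.append("no publisher in file version info")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("binary lives in a user-writable profile directory")
    base = ntpath.basename(low)
    home = SYSTEM_PROCESS_HOMES.get(base)
    if home and ntpath.dirname(low) != home:
        reasons.append(f"{base} found outside its normal directory {home}")
    return reasons


def triage(lines):
    """Parse every recognised autostart line and keep the ones with at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_autostart(line.strip())
        if entry is None:
            continue  # not an autostart line we know how to read; leave it to the reader
        reasons = reasons_for(entry)
        if reasons:
            flagged.append({"name": entry["name"], "path": entry["path"], "reasons": reasons})
    return flagged


def main():
    for hit in triage(SAMPLE_LINES):
        print(f"{hit['name']}: {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")


if __name__ == "__main__":
    main()
```

Run against the constructed sample it reports two entries: the HKCU Run value with no publisher, and the policy Run value whose target is a file named lsass.exe sitting under Application Data, which trips all three rules at once. Feeding it a real OTL.txt means reading the file with `open()` and passing the lines to `triage()`; lines in other OTL sections are skipped rather than guessed at.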


Sorry to be obtuse over this, but could you tell me how to start up the computer and run explorer.exe? At the moment I have no icons on my desktop at all.


No problem.

Press Ctrl+Alt+Delete simultaneously and Windows Task Manager will appear.

Under the Processes tab, look for explorer.exe.

If found, click on explorer.exe to highlight it.

Next, click on End Process.

Click on File ---> New Task (Run...).

Type the following into the box:

C:\WINDOWS\explorer.exe and click on OK.

Let me know if you have any issues. Thanks


I can open the Task Manager, despite getting the dialogue that it cannot start, but on typing C:\WINDOWS.explorer.exe into the run box the dialogue appears again that it cannot start because themed32.dll was not found. Clicking OK, or closing this dialogue, removes explorer.exe from the list of processes running in the Task Manager.


Sorry for the delay, I was away for two days. Can you tell me if you are able to get to your desktop yet?

If not, have you tried booting into Safe Mode?

Again, sorry for the delay.


Hi,

I can run Internet Explorer from the Task Manager but still can't see my desktop. One worrying thing that I noticed this morning: when Task Manager was open there seemed to be two versions of iexplorer.exe running.

I downloaded ComboFix yesterday. I ran it despite the themed32.dll error message constantly halting it. It found and removed several trojans. I ran it again and it found nothing, but the problem remains.


Hi sjpritch,

I got OTL to run. Here is the log.

OTL logfile created on: 21/06/2010 19:12:07 - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 35.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 14.66 Gb Free Space | 19.67% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RAWLINS

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()

PRC - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()

SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (uigcrdr) -- C:\WINDOWS\system32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)

DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)

DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)

DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)

DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)

DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)

DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)

DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)

DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)

DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)

DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )

DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)

DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)

DRV - (ROB_V) -- C:\WINDOWS\system32\drivers\rob_v.sys (Pinnacle Systems GmbH)

DRV - (pctvvbi) -- C:\WINDOWS\system32\drivers\pctvvbi.sys (Pinnacle Systems)

DRV - (ROB_A) -- C:\WINDOWS\system32\drivers\rob_a.sys (Pinnacle Systems GmbH)

DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)

DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)

DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20091214Wb1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 13:00:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/12 09:19:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:24:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 13:24:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 08:23:27 | 000,000,000 | ---D | M]

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\staged-xpis

[2010/06/14 22:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

[2010/02/12 09:19:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/22 18:44:05 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/12/22 18:44:05 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/12/22 18:44:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/04/04 00:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/03/15 13:24:20 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/03/15 13:25:12 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/03/15 13:24:04 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/12/22 04:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/12/22 04:30:24 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/12/22 04:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/12/22 04:30:24 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/12/22 04:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/12/22 04:30:24 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/12/22 04:30:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/12/22 04:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/20 13:54:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [GMX_GMX File Storage Manager] C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE (GMX Internet Services Inc.)

O4 - HKCU..\Run: [iLO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()

O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)

O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1198967935390 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1215844976656 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.fenlea.co.uk/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP

O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/05/01 21:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/02/15 17:22:56 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell - "" = AutoRun

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/29 21:53:58 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc

[2010/06/21 14:36:04 | 000,000,000 | ---D | C] -- C:\Avenger

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\System

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\desktop

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\backup

[2010/06/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons

[2010/06/20 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/06/20 13:21:53 | 000,000,000 | ---D | C] -- C:\cmdcons

[2010/06/20 12:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/20 12:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/20 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/15 07:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

[2010/06/10 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\My Albums

[2010/06/07 22:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Driving

[2006/04/16 13:20:05 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/06/21 14:45:19 | 061,273,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/21 14:41:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/06/21 14:41:20 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/21 14:39:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/21 13:35:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/21 13:35:09 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/20 16:15:27 | 000,000,535 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/20 13:54:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/15 12:42:57 | 007,299,072 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat

[2010/06/15 12:38:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini

[2010/06/15 12:20:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc

[2010/06/15 07:31:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

[2010/06/14 23:04:52 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc

[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys

[2010/06/13 09:16:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc

[2010/06/12 22:51:16 | 000,001,630 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/12 22:51:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI

[2010/06/12 22:51:13 | 000,083,687 | ---- | M] () -- C:\Documents and Settings\David\FTW.ini

[2010/06/11 13:16:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc

[2010/06/09 12:03:56 | 000,619,755 | ---- | M] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG

[2010/06/09 11:58:56 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc

[2010/06/08 15:11:34 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/08 15:11:34 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/08 15:11:34 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/08 13:31:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc

[2010/05/30 16:17:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc

[2010/05/25 17:26:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David\My Documents\plants to grow 2 .doc

[2010/05/24 15:54:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 13:22:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/20 13:22:13 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/15 12:42:56 | 007,299,072 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat

[2010/06/15 12:20:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc

[2010/06/15 07:31:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

[2010/06/14 23:04:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc

[2010/06/14 22:00:11 | 000,000,009 | ---- | C] () -- C:\confin.sys

[2010/06/14 09:11:34 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/12 22:39:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc

[2010/06/10 19:55:04 | 000,619,755 | ---- | C] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG

[2010/06/09 11:59:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc

[2010/06/08 13:31:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc

[2010/06/07 12:26:06 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc

[2010/05/30 16:17:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc

[2010/05/24 15:54:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc

[2009/03/31 13:47:10 | 000,002,314 | ---- | C] () -- C:\WINDOWS\mfforms.ini

[2009/03/31 13:34:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/03/31 13:34:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\pers.ini

[2009/02/05 12:29:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

[2009/02/05 12:29:37 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini

[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll

[2008/12/06 17:00:02 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/05/25 15:06:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2007/11/19 21:37:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2007/09/16 20:51:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2006/11/05 18:24:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL

[2006/11/05 18:23:11 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI

[2006/09/27 12:35:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\REPCDRWC.INI

[2006/09/27 12:32:53 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll

[2006/09/27 12:32:53 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll

[2006/04/17 22:00:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/04/16 13:20:05 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll

[2006/03/03 12:16:55 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2005/07/12 00:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inter[1].INI

[2005/02/05 16:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SQInst32.INI

[2005/02/05 16:39:10 | 000,000,139 | ---- | C] () -- C:\WINDOWS\HELICON.INI

[2005/01/01 19:42:17 | 000,000,511 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2004/12/24 20:13:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MMResdat.ini

[2004/08/21 21:34:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI

[2004/08/21 21:30:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2004/08/21 21:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/04/03 20:27:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI

[2004/03/16 22:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI

[2004/02/16 01:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2004/01/05 20:15:32 | 000,001,832 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/12/27 18:22:43 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL

[2003/10/03 16:20:09 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI

[2003/09/30 14:53:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL

[2003/09/09 07:57:53 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini

[2003/09/09 07:57:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll

[2003/09/09 07:40:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2003/08/28 19:12:36 | 000,000,222 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI

[2003/08/28 19:09:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI

[2003/08/14 17:39:35 | 000,001,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2003/07/26 15:47:10 | 000,000,475 | ---- | C] () -- C:\WINDOWS\disney.ini

[2003/06/21 19:00:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI

[2003/06/08 20:36:54 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll

[2003/06/08 20:36:53 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll

[2003/05/17 20:13:00 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll

[2003/05/17 20:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll

[2003/05/17 18:48:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2003/05/04 20:17:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2003/05/04 20:17:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2003/05/04 14:42:44 | 000,000,163 | ---- | C] () -- C:\WINDOWS\KA.INI

[2003/05/01 22:09:17 | 000,000,726 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/05/01 21:38:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2003/05/01 21:38:52 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2003/05/01 21:38:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2003/05/01 21:38:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2003/05/01 21:38:03 | 000,003,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2003/05/01 21:38:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2003/05/01 21:23:24 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI

[2003/05/01 21:22:50 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll

[2003/05/01 21:22:50 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll

[2003/05/01 21:22:50 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll

[2003/05/01 21:22:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll

[2003/05/01 21:22:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll

[2001/09/05 16:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

[2001/08/23 13:00:00 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\w0elnhiu.dll

[2001/04/01 18:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll

[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll

[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/04/03 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth

[2008/09/17 15:42:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2008/10/23 22:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2005/12/25 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2009/01/17 12:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GMX

[2009/03/31 14:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2010/03/30 09:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki

[2010/03/31 08:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/03/22 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2010/03/29 16:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/04/07 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/15 14:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2007/11/19 17:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\7Wonders

[2007/02/23 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\bang

[2009/04/24 19:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Canon

[2007/11/25 15:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ForgottenRiddles

[2009/01/17 12:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\GMX

[2007/07/01 13:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Leadertech

[2007/11/12 08:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\My Games

[2010/03/31 08:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\NCH Swift Sound

[2008/05/30 08:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Part deaf save

[2006/10/17 22:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Schoolhouse Technologies

[2008/06/06 16:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SecondLife

[2010/03/11 10:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SmartDraw

[2006/01/15 23:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Softplicity

[2008/07/16 11:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SuperAdBlocker.com

[2010/06/21 14:36:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\David\Application Data\SystemProc

[2010/06/21 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons

[2006/05/08 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Ulead Systems

[2010/03/29 15:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Uniblue

[2008/05/29 21:32:50 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\AF833F7A92A8B88E.job

[2010/04/25 10:11:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2010/03/29 16:00:05 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-David-Startup.job

[2010/04/02 16:02:33 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1D9EB272-00C4-4F1F-A8E2-8C2A739B0956}.job

[2009/07/05 17:14:49 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2A220EF1-366B-4CD1-B394-061FCE905A9B}.job

[2010/04/03 00:20:07 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[2007/06/30 15:18:01 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Movie Maker.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/05/02 19:38:31 | 000,145,408 | ---- | M] () -- C:\AAD4006 Fine Art.doc

[2009/09/15 17:00:51 | 000,000,000 | ---- | M] () -- C:\AILog.txt

[2003/05/01 21:01:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2004/12/17 12:43:02 | 006,972,738 | RHS- | M] () -- C:\AVG6DB_F.DAT

[2008/07/16 15:52:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2008/07/16 15:52:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr

[2010/06/20 16:26:01 | 000,014,322 | ---- | M] () -- C:\ComboFix.txt

[2006/11/22 18:42:21 | 000,022,016 | ---- | M] () -- C:\Complete Personal Statement (4).doc

[2003/05/01 21:01:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys

[2007/06/18 21:07:29 | 000,035,840 | ---- | M] () -- C:\guidancenotes.doc

[2004/06/05 16:55:28 | 000,000,067 | ---- | M] () -- C:\inferno.log

[2003/05/01 21:01:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/07/05 11:55:01 | 000,000,960 | -HS- | M] () -- C:\jvmt323v.sys

[2003/06/12 16:45:13 | 004,012,920 | ---- | M] () -- C:\Lemm_log.txt

[2003/05/01 21:01:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/08/02 19:19:28 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/06/21 14:39:37 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

[2006/06/18 20:59:37 | 000,045,568 | ---- | M] () -- C:\Partnership Proposals Jun06.doc

[2007/01/08 20:38:21 | 000,244,224 | ---- | M] () -- C:\PDR Form 2006-7 Jane.doc

[2006/11/21 19:12:13 | 000,023,040 | ---- | M] () -- C:\Personal Statement(2).doc

[2006/11/21 19:15:54 | 000,023,040 | ---- | M] () -- C:\Personal Statement(3).doc

[2010/04/06 15:34:49 | 000,000,268 | ---- | M] () -- C:\rkill.log

[2008/09/30 20:49:30 | 000,230,424 | ---- | M] () -- C:\snp2sxp-001.raw

[2003/07/31 17:07:39 | 000,032,768 | ---- | M] () -- C:\t1uk

[2003/10/24 16:23:23 | 000,036,864 | ---- | M] () -- C:\t2l4

[2003/09/24 17:43:13 | 000,036,864 | ---- | M] () -- C:\t2ng

[2003/12/22 15:27:15 | 000,073,728 | ---- | M] () -- C:\t34k

[2003/12/05 22:08:36 | 000,032,768 | ---- | M] () -- C:\t3g0

[2003/10/24 16:46:34 | 000,032,768 | ---- | M] () -- C:\tr4

[2003/11/10 17:29:40 | 000,032,768 | ---- | M] () -- C:\trs

[2003/10/12 14:07:00 | 000,032,768 | ---- | M] () -- C:\tvc

[2004/05/02 15:55:37 | 000,000,014 | ---- | M] () -- C:\win2.log

[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2007/12/29 21:19:03 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2007/12/29 21:19:02 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav

[2007/12/29 21:39:12 | 030,146,560 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2007/12/29 21:39:12 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1

< End of report >

A second window didn't open. I'll look for Extras.txt with task manager


Here it is.

OTL Extras logfile created on: 21/06/2010 19:12:08 - Run 1

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 181.00 Mb Available Physical Memory | 35.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 14.66 Gb Free Space | 19.67% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RAWLINS

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"6346:TCP" = 6346:TCP:*:Enabled:limewire

"6346:UDP" = 6346:UDP:*:Enabled:Frostwire

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"\??\C:\WINDOWS\system32\winlogon.exe" = \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer -- (Microsoft Corporation)

"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\Team17\Worms Armageddon\WA.exe" = C:\Team17\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon -- File not found

"C:\Program Files\Kontiki\KHost.exe" = C:\Program Files\Kontiki\KHost.exe:*:Enabled:Delivery Manager -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found

"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)

"C:\RECYCLER\S-1-5-21-1644491937-1580818891-725345543-1004\Dc175\firefox.exe" = C:\RECYCLER\S-1-5-21-1644491937-1580818891-725345543-1004\Dc175\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Disabled:msu -- (Motorola)

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update

"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0

"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.9.0.20

"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}" = PCTV

"{4038EAF0-6F8E-4068-88F6-A417958B8AC5}" = PDF Manual NW-E010 Series

"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{6222F1AF-9C44-4E85-9C70-2C86385B137E}" = 802.11g Wireless LAN PCI Card Driver and Utility

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update

"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6

"{9BE2669E-2BD8-4164-A8B5-C904C864B403}" = WA Update v3.50 beta2

"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C82E1703-ACBB-4015-856B-A8A0E5BAC661}" = Ulead CD & DVD PictureShow 3 SE Basic

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"040a_5005" = USB MassStorage CardReader

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires 2.0" = Microsoft Age of Empires II

"Ask Toolbar_is1" = Ask Toolbar

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)

"Audacity_is1" = Audacity 1.2.6

"AVG8Uninstall" = AVG 8.5

"BBC iPlayer Download Manager" = BBC iPlayer Download Manager

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MP470 series User Registration" = Canon MP470 series User Registration

"CANONBJ_Deinstall_CNMCP4w.DLL" = Canon i450

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Continuing Professional Development Presentation" = Continuing Professional Development Presentation

"CSCLIB" = Canon Camera Support Core Library

"CutePDF Writer Installation" = CutePDF Writer 2.7

"DFX for Windows Media Player" = DFX for Windows Media Player

"DPP" = Canon Utilities Digital Photo Professional 3.4

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"EOS Utility" = Canon Utilities EOS Utility

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Eusing Free Registry Defrag" = Eusing Free Registry Defrag

"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006

"Family Tree Maker" = Family Tree Maker 6.0

"Focus on Science investigations 1 -second edition" = Focus on Science investigations 1 -second edition

"Focus on Science Investigations 2" = Focus on Science Investigations 2

"FoxyTunesForFirefox" = FoxyTunes for Firefox

"GMX File Storage Manager" = GMX File Storage Manager

"Google Updater" = Google Updater

"GoogleVideoPlayer" = Google Video Player

"HR Manager" = HR Manager

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"LimeWire" = LimeWire 5.1.2

"lvdrivers_11.90" = Logitech QuickCam Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Monopoly 3" = Monopoly 3

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MyCamera" = Canon Utilities MyCamera

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01

"Original Data Security Tools" = Canon Utilities Original Data Security Tools

"PCI Audio Applications" = PCI Audio Applications

"PCI Audio Driver" = PCI Audio Driver

"PhotoStitch" = Canon Utilities PhotoStitch

"Picture Style Editor" = Canon Utilities Picture Style Editor

"QuickTime32" = QuickTime for Windows (32-bit)

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 12.0" = RealPlayer

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Rolling Balls 1.0" = Rolling Balls 1.0

"Spotify" = Spotify

"StarWraith3" = StarWraith3

"Switch" = Switch Sound File Converter

"VCW VicMan's Photo Editor_is1" = VCW VicMan's Photo Editor 8.1

"VISPROR" = Microsoft Office Visio Professional 2007 Trial

"WavePad" = WavePad Sound Editor

"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility

"Wild Growth Enchantment Screen Saver" = Wild Growth Enchantment Screen Saver

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows Update Remover" = Windows Update Remover

"Windows XP Service Pack" = Windows XP Service Pack 3

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 20/06/2010 11:05:48 | Computer Name = RAWLINS | Source = Google Update | ID = 20

Description =

Error - 21/06/2010 08:22:16 | Computer Name = RAWLINS | Source = Microsoft Office 10 | ID = 2001

Description = Rejected Safe Mode action : Microsoft Excel.

[ System Events ]

Error - 21/06/2010 08:52:24 | Computer Name = RAWLINS | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/06/2010 08:55:43 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SABKUTIL

Error - 21/06/2010 09:25:48 | Computer Name = RAWLINS | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001

Description = The DHCP Client service depends on the NetBios over Tcpip service

which failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support

Environment service which failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 21/06/2010 09:26:09 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL Tcpip

uigcrdr

WS2IFSL

Error - 21/06/2010 09:32:02 | Computer Name = RAWLINS | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/06/2010 09:41:24 | Computer Name = RAWLINS | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SABKUTIL

< End of report >


I'm going to download and run GMER but could you please clarify "


Via Task Manager, please open otl.exe

Under custom scan, paste the following code

/md5start
shell32.dll
/md5stop

Then click on run.

I believe the problem is a patched system file.

Could you please post the ComboFix log too?


Hello sjpritch,

Here's the OTL log. Thanks for your help. Combofix log to follow.

OTL logfile created on: 22/06/2010 09:23:44 - Run 2

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 31.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 14.62 Gb Free Space | 19.62% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RAWLINS

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()

PRC - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()

SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (uigcrdr) -- C:\WINDOWS\system32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)

DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)

DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)

DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)

DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)

DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)

DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)

DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)

DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)

DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)

DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )

DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)

DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)

DRV - (ROB_V) -- C:\WINDOWS\system32\drivers\rob_v.sys (Pinnacle Systems GmbH)

DRV - (pctvvbi) -- C:\WINDOWS\system32\drivers\pctvvbi.sys (Pinnacle Systems)

DRV - (ROB_A) -- C:\WINDOWS\system32\drivers\rob_a.sys (Pinnacle Systems GmbH)

DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)

DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)

DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/12 09:19:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:24:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 13:24:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 08:23:27 | 000,000,000 | ---D | M]

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\staged-xpis

[2010/06/14 22:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

[2009/12/22 04:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/12/22 04:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/12/22 04:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/12/22 04:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/20 13:54:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [GMX_GMX File Storage Manager] C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE (GMX Internet Services Inc.)

O4 - HKCU..\Run: [iLO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()

O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)

O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1198967935390 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1215844976656 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.fenlea.co.uk/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP

O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/05/01 21:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/02/15 17:22:56 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell - "" = AutoRun

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc

[2010/06/21 14:36:04 | 000,000,000 | ---D | C] -- C:\Avenger

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\System

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\desktop

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\backup

[2010/06/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons

[2010/06/20 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/06/20 13:21:53 | 000,000,000 | ---D | C] -- C:\cmdcons

[2010/06/20 12:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/20 12:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/20 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/15 07:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

[2010/06/10 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\My Albums

[2010/06/07 22:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Driving

[2006/04/16 13:20:05 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/22 09:10:55 | 061,289,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/22 09:08:32 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/22 09:08:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/06/22 09:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/21 20:14:17 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/21 20:05:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/21 20:05:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/21 19:59:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe

[2010/06/21 19:08:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/06/20 13:54:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/15 12:42:57 | 007,299,072 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat

[2010/06/15 12:38:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini

[2010/06/15 12:20:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc

[2010/06/15 07:31:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

[2010/06/14 23:04:52 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc

[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys

[2010/06/13 09:16:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc

[2010/06/12 22:51:16 | 000,001,630 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/12 22:51:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI

[2010/06/12 22:51:13 | 000,083,687 | ---- | M] () -- C:\Documents and Settings\David\FTW.ini

[2010/06/11 13:16:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc

[2010/06/09 12:03:56 | 000,619,755 | ---- | M] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG

[2010/06/09 11:58:56 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc

[2010/06/08 15:11:34 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/08 15:11:34 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/08 15:11:34 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/08 13:31:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc

[2010/05/30 16:17:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc

[2010/05/25 17:26:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David\My Documents\plants to grow 2 .doc

[2010/05/24 15:54:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 19:58:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe

[2010/06/20 13:22:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/20 13:22:13 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/15 12:42:56 | 007,299,072 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat

[2010/06/15 12:20:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc

[2010/06/15 07:31:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

[2010/06/14 23:04:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc

[2010/06/14 22:00:11 | 000,000,009 | ---- | C] () -- C:\confin.sys

[2010/06/14 09:11:34 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/12 22:39:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc

[2010/06/10 19:55:04 | 000,619,755 | ---- | C] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG

[2010/06/09 11:59:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc

[2010/06/08 13:31:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc

[2010/06/07 12:26:06 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc

[2010/05/30 16:17:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc

[2010/05/24 15:54:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc

[2009/03/31 13:47:10 | 000,002,314 | ---- | C] () -- C:\WINDOWS\mfforms.ini

[2009/03/31 13:34:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/03/31 13:34:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\pers.ini

[2009/02/05 12:29:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

[2009/02/05 12:29:37 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini

[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll

[2008/12/06 17:00:02 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/05/25 15:06:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2007/11/19 21:37:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2007/09/16 20:51:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2006/11/05 18:24:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL

[2006/11/05 18:23:11 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI

[2006/09/27 12:35:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\REPCDRWC.INI

[2006/09/27 12:32:53 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll

[2006/09/27 12:32:53 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll

[2006/04/17 22:00:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/04/16 13:20:05 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll

[2006/03/03 12:16:55 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2005/07/12 00:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inter[1].INI

[2005/02/05 16:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SQInst32.INI

[2005/02/05 16:39:10 | 000,000,139 | ---- | C] () -- C:\WINDOWS\HELICON.INI

[2005/01/01 19:42:17 | 000,000,511 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2004/12/24 20:13:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MMResdat.ini

[2004/08/21 21:34:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI

[2004/08/21 21:30:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2004/08/21 21:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/04/03 20:27:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI

[2004/03/16 22:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI

[2004/02/16 01:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2004/01/05 20:15:32 | 000,001,832 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/12/27 18:22:43 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL

[2003/10/03 16:20:09 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI

[2003/09/30 14:53:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL

[2003/09/09 07:57:53 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini

[2003/09/09 07:57:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll

[2003/09/09 07:40:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2003/08/28 19:12:36 | 000,000,222 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI

[2003/08/28 19:09:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI

[2003/08/14 17:39:35 | 000,001,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2003/07/26 15:47:10 | 000,000,475 | ---- | C] () -- C:\WINDOWS\disney.ini

[2003/06/21 19:00:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI

[2003/06/08 20:36:54 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll

[2003/06/08 20:36:53 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll

[2003/05/17 20:13:00 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll

[2003/05/17 20:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll

[2003/05/17 18:48:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2003/05/04 20:17:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2003/05/04 20:17:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2003/05/04 14:42:44 | 000,000,163 | ---- | C] () -- C:\WINDOWS\KA.INI

[2003/05/01 22:09:17 | 000,000,726 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/05/01 21:38:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2003/05/01 21:38:52 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2003/05/01 21:38:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2003/05/01 21:38:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2003/05/01 21:38:03 | 000,003,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2003/05/01 21:38:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2003/05/01 21:23:24 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI

[2003/05/01 21:22:50 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll

[2003/05/01 21:22:50 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll

[2003/05/01 21:22:50 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll

[2003/05/01 21:22:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll

[2003/05/01 21:22:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll

[2001/09/05 16:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

[2001/08/23 13:00:00 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\w0elnhiu.dll

[2001/04/01 18:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll

[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll

[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========

< MD5 for: SHELL32.DLL >

[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\dllcache\shell32.dll

[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\shell32.dll

[2008/04/14 01:12:05 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll

[2008/06/17 20:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll

[2005/09/23 04:18:20 | 008,452,608 | ---- | M] (Microsoft Corporation) MD5=2B7DD09E1DE64B094409E3D43E248716 -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll

[2007/10/26 04:34:01 | 008,460,288 | ---- | M] (Microsoft Corporation) MD5=3BE4C2E84D99889685FE2B68E5FA2A9D -- C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll

[2003/06/11 13:43:48 | 008,240,640 | ---- | M] (Microsoft Corporation) MD5=46EC8881647FC015DDC2B08EB2B24A29 -- C:\WINDOWS\$xpsp1hfm$\KB821557\shell32.dll

[2006/03/17 05:46:31 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=5371E3BAE6FA21C26730C19FA8819335 -- C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll

[2006/03/17 05:03:54 | 008,452,096 | ---- | M] (Microsoft Corporation) MD5=6DDC1304FC3E6849D2BAD23D95E9573B -- C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\shell32.dll

[2007/10/26 04:36:51 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=BC061480F01EAB948744C6C5E24FB7A8 -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll

[2006/07/13 15:03:23 | 008,457,728 | ---- | M] (Microsoft Corporation) MD5=BCDA9264F73B21DF325A10D99C6FB44A -- C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll

[2005/09/23 04:05:29 | 008,450,560 | ---- | M] (Microsoft Corporation) MD5=C1BCFEC67E712B6A00AD00ADFCBFD02E -- C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shell32.dll

[2006/12/19 22:50:10 | 008,458,752 | ---- | M] (Microsoft Corporation) MD5=C21253CC2EA4001EB3D93CD98E9B35FE -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll

[2006/07/13 14:33:27 | 008,453,632 | ---- | M] (Microsoft Corporation) MD5=F056B4771408966694DE5D9BF79B48F8 -- C:\WINDOWS\$hf_mig$\KB921398\SP2GDR\shell32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1

< End of report >

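For anyone working through a log like the one above, the following is a small triage script added to this thread as an example; it is not OTL's own code and not something the poster or the helper ran. It walks OTL-style O4/O6/O7 autorun lines, "Files Created" entries and Alternate Data Stream entries and flags the patterns a removal helper looks at first: a binary carrying a Windows system name (lsass.exe) launched from a user profile, an autorun under Policies\Explorer\Run, entries with no company name, a hidden+system folder newly created in a profile, and ADS on a file. The sample lines are constructed to mimic the log's format, the trusted-directory set assumes C:\WINDOWS is the system root (as in this log), and the severities are this example's own ranking, not OTL's. A hit is a reason to look at the file, not a verdict on it.

```python
"""Triage helper for OTL log lines (added example, not OTL's code)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Windows binaries that legitimately live only in the system root or System32.
# Assumption for this example: C:\WINDOWS is %SystemRoot%, as in the log above.
SYSTEM_BINARY_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "explorer.exe", "userinit.exe"}
TRUSTED_SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}

# First drive-letter path ending in an executable extension. '=' and '|' are
# excluded so "foo.lnk = C:\...\bar.exe" resolves to the target, not the .lnk.
PATH_RE = re.compile(r"[A-Za-z]:\\[^|=]*?\.(?:exe|dll|sys|scr|com|bat|cmd)\b", re.I)
# OTL appends the file's company name in parentheses; "()" means none was found.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# "[date time | size | attrs | C/M] (company) -- path" file and folder entries.
CREATED_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attrs>[A-Z-]{4})"
    r" \| (?P<op>[CM])\](?: \([^)]*\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (this example's own ranking)
    rule: str
    detail: str
    line: str


def _check_autorun(line: str) -> List[Finding]:
    out: List[Finding] = []
    pm = PATH_RE.search(line)
    if pm is None:                      # policy values such as "NoDrives = 0"
        return out
    path = pm.group(0)
    dirname, _, basename = path.rpartition("\\")
    dirname, basename = dirname.lower(), basename.lower()
    cm = COMPANY_RE.search(line)
    company: Optional[str] = cm.group(1).strip() if cm else None
    in_profile = "\\documents and settings\\" in path.lower()

    if basename in SYSTEM_BINARY_NAMES and dirname not in TRUSTED_SYSTEM_DIRS:
        out.append(Finding("high", "masquerade",
                           f"{basename} belongs in System32 but runs from {dirname}", line))
    if "policies\\explorer\\run" in line.lower():
        out.append(Finding("medium", "policies-run",
                           "autorun under Policies\\Explorer\\Run, rarely used by installers", line))
    if in_profile:
        out.append(Finding("medium", "profile-exe",
                           f"autorun executes from a user profile: {path}", line))
    if company == "":
        out.append(Finding("low", "no-company", f"no company/version info on {basename}", line))
    return out


def _check_created(m: "re.Match[str]", line: str) -> List[Finding]:
    attrs, path = m["attrs"], m["path"]
    # Only newly created (C) hidden+system objects inside a profile; modified (M)
    # entries would also catch legitimate files such as ntuser.ini.
    if m["op"] == "C" and "H" in attrs and "S" in attrs \
            and "\\documents and settings\\" in path.lower():
        kind = "folder" if "D" in attrs else "file"
        return [Finding("medium", "hidden-system",
                        f"hidden+system {kind} created in a user profile on {m['ts']}: {path}", line)]
    return []


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return findings in log order for the OTL lines given."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line[:2] in ("O4", "O6", "O7") and line[2:5] == " - ":
            findings.extend(_check_autorun(line))
            continue
        cm = CREATED_RE.match(line)
        if cm:
            findings.extend(_check_created(cm, line))
            continue
        am = ADS_RE.match(line)
        if am:
            findings.append(Finding("low", "ads",
                                    f"{am['size']}-byte alternate data stream on {am['target']}", line))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample lines in OTL's format (not copied verbatim from any log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [iLO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc
[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:6}] {f.rule:14} {f.detail}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`; everything it does not recognise (services, drivers, BHOs, the MD5 block) is ignored, so extend the rule functions rather than the regexes when you want more coverage. The "masquerade" rule is deliberately narrow: it matches only on the exact basename, so a file named lsass32.exe would need its own entry in the name set.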

Hello sjpritch,

Here's the OTL log. Thanks for your help. Combofix log to follow.

OTL logfile created on: 22/06/2010 09:23:44 - Run 2

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\David\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

512.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 31.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 14.62 Gb Free Space | 19.62% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 178.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RAWLINS

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()

PRC - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()

SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (uigcrdr) -- C:\WINDOWS\system32\drivers\uigcrdr.SYS (GMX Internet Services Inc.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)

DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)

DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)

DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)

DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)

DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.)

DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.)

DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)

DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)

DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)

DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (GT680x) -- C:\WINDOWS\system32\drivers\gt680x.sys ( )

DRV - (DCamUSBSQTECH) Dual-Mode DSC(2770) -- C:\WINDOWS\system32\drivers\SQCaptur.sys (Service & Quality Technology.)

DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)

DRV - (ROB_V) -- C:\WINDOWS\system32\drivers\rob_v.sys (Pinnacle Systems GmbH)

DRV - (pctvvbi) -- C:\WINDOWS\system32\drivers\pctvvbi.sys (Pinnacle Systems)

DRV - (ROB_A) -- C:\WINDOWS\system32\drivers\rob_a.sys (Pinnacle Systems GmbH)

DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Fasttrak) -- C:\WINDOWS\system32\drivers\Fasttrak.sys (Promise Technology, Inc.)

DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)

DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:54:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/12 09:19:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:24:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 13:24:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 08:23:27 | 000,000,000 | ---D | M]

[2009/03/17 09:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/03 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\extensions\staged-xpis

[2010/06/14 22:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 14:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

[2009/12/22 04:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/12/22 04:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/12/22 04:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/12/22 04:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/20 13:54:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [GMX_GMX File Storage Manager] C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE (GMX Internet Services Inc.)

O4 - HKCU..\Run: [iLO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()

O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)

O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\David\Application Data\SystemProc\lsass.exe ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1198967935390 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1215844976656 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} http://webc.fenlea.co.uk/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP

O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\My Documents\My Pictures\2009_05_05\IMG_0790.BMP

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/05/01 21:01:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/02/15 17:22:56 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell - "" = AutoRun

O33 - MountPoints2\{8aa8cc1d-6034-11dc-adff-00120e6b9d8d}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 19:08:45 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/06/21 14:36:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\David\Application Data\SystemProc

[2010/06/21 14:36:04 | 000,000,000 | ---D | C] -- C:\Avenger

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\System

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\desktop

[2010/06/21 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\backup

[2010/06/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\TmpRecentIcons

[2010/06/20 16:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/06/20 13:21:53 | 000,000,000 | ---D | C] -- C:\cmdcons

[2010/06/20 12:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/20 12:40:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/20 12:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/15 07:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

[2010/06/10 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\My Albums

[2010/06/07 22:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Driving

[2006/04/16 13:20:05 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/22 09:10:55 | 061,289,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/22 09:08:32 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/22 09:08:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/06/22 09:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/21 20:14:17 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/21 20:05:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/21 20:05:46 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/21 19:59:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe

[2010/06/21 19:08:45 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/06/20 13:54:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/15 12:42:57 | 007,299,072 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat

[2010/06/15 12:38:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini

[2010/06/15 12:20:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc

[2010/06/15 07:31:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

[2010/06/14 23:04:52 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc

[2010/06/14 22:00:11 | 000,000,009 | ---- | M] () -- C:\confin.sys

[2010/06/13 09:16:17 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc

[2010/06/12 22:51:16 | 000,001,630 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/06/12 22:51:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI

[2010/06/12 22:51:13 | 000,083,687 | ---- | M] () -- C:\Documents and Settings\David\FTW.ini

[2010/06/11 13:16:56 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc

[2010/06/09 12:03:56 | 000,619,755 | ---- | M] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG

[2010/06/09 11:58:56 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc

[2010/06/08 15:11:34 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/08 15:11:34 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/08 15:11:34 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/08 13:31:49 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc

[2010/05/30 16:17:35 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc

[2010/05/25 17:26:15 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\David\My Documents\plants to grow 2 .doc

[2010/05/24 15:54:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\Documents and Settings\David\My Documents\*.tmp files -> C:\Documents and Settings\David\My Documents\*.tmp -> ]

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 19:58:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Desktop\2j59kyj1.exe

[2010/06/20 13:22:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/20 13:22:13 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/15 12:42:56 | 007,299,072 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat

[2010/06/15 12:20:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins arms.doc

[2010/06/15 07:31:09 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

[2010/06/14 23:04:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Rawlins mottoe.doc

[2010/06/14 22:00:11 | 000,000,009 | ---- | C] () -- C:\confin.sys

[2010/06/14 09:11:34 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

[2010/06/12 22:39:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Hanmer.doc

[2010/06/10 19:55:04 | 000,619,755 | ---- | C] () -- C:\Documents and Settings\David\My Documents\DSC04783.JPG

[2010/06/09 11:59:14 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Information from Traffic Signs Manual.doc

[2010/06/08 13:31:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Mexican Gherkin.doc

[2010/06/07 12:26:06 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\David\My Documents\PCN letter.doc

[2010/05/30 16:17:35 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Washing Machine Repair.doc

[2010/05/24 15:54:29 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Melothria scabra.doc

[2009/03/31 13:47:10 | 000,002,314 | ---- | C] () -- C:\WINDOWS\mfforms.ini

[2009/03/31 13:34:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/03/31 13:34:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\pers.ini

[2009/02/05 12:29:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

[2009/02/05 12:29:37 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini

[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll

[2008/12/06 17:00:02 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/05/25 15:06:52 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2007/11/19 21:37:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2007/09/16 20:51:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2006/11/05 18:24:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyd.DLL

[2006/11/05 18:23:11 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI

[2006/09/27 12:35:55 | 000,000,014 | ---- | C] () -- C:\WINDOWS\REPCDRWC.INI

[2006/09/27 12:32:53 | 000,398,336 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll

[2006/09/27 12:32:53 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll

[2006/04/17 22:00:08 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/04/16 13:20:05 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll

[2006/03/03 12:16:55 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2005/07/12 00:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inter[1].INI

[2005/02/05 16:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SQInst32.INI

[2005/02/05 16:39:10 | 000,000,139 | ---- | C] () -- C:\WINDOWS\HELICON.INI

[2005/01/01 19:42:17 | 000,000,511 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2004/12/24 20:13:18 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MMResdat.ini

[2004/08/21 21:34:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI

[2004/08/21 21:30:02 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2004/08/21 21:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/04/03 20:27:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI

[2004/03/16 22:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI

[2004/02/16 01:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2004/01/05 20:15:32 | 000,001,832 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/12/27 18:22:43 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL

[2003/10/03 16:20:09 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI

[2003/09/30 14:53:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL

[2003/09/09 07:57:53 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini

[2003/09/09 07:57:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll

[2003/09/09 07:40:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2003/08/28 19:12:36 | 000,000,222 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI

[2003/08/28 19:09:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI

[2003/08/14 17:39:35 | 000,001,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2003/07/26 15:47:10 | 000,000,475 | ---- | C] () -- C:\WINDOWS\disney.ini

[2003/06/21 19:00:45 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI

[2003/06/08 20:36:54 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll

[2003/06/08 20:36:53 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll

[2003/05/17 20:13:00 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll

[2003/05/17 20:13:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll

[2003/05/17 18:48:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2003/05/04 20:17:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2003/05/04 20:17:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2003/05/04 14:42:44 | 000,000,163 | ---- | C] () -- C:\WINDOWS\KA.INI

[2003/05/01 22:09:17 | 000,000,726 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/05/01 21:38:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2003/05/01 21:38:52 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2003/05/01 21:38:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2003/05/01 21:38:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2003/05/01 21:38:03 | 000,003,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2003/05/01 21:38:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2003/05/01 21:23:24 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI

[2003/05/01 21:22:50 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll

[2003/05/01 21:22:50 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll

[2003/05/01 21:22:50 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll

[2003/05/01 21:22:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll

[2003/05/01 21:22:50 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll

[2001/09/05 16:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

[2001/08/23 13:00:00 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\w0elnhiu.dll

[2001/04/01 18:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll

[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll

[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========

< MD5 for: SHELL32.DLL >

[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\dllcache\shell32.dll

[2008/06/17 20:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\system32\shell32.dll

[2008/04/14 01:12:05 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll

[2008/06/17 20:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll

[2005/09/23 04:18:20 | 008,452,608 | ---- | M] (Microsoft Corporation) MD5=2B7DD09E1DE64B094409E3D43E248716 -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll

[2007/10/26 04:34:01 | 008,460,288 | ---- | M] (Microsoft Corporation) MD5=3BE4C2E84D99889685FE2B68E5FA2A9D -- C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll

[2003/06/11 13:43:48 | 008,240,640 | ---- | M] (Microsoft Corporation) MD5=46EC8881647FC015DDC2B08EB2B24A29 -- C:\WINDOWS\$xpsp1hfm$\KB821557\shell32.dll

[2006/03/17 05:46:31 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=5371E3BAE6FA21C26730C19FA8819335 -- C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll

[2006/03/17 05:03:54 | 008,452,096 | ---- | M] (Microsoft Corporation) MD5=6DDC1304FC3E6849D2BAD23D95E9573B -- C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\shell32.dll

[2007/10/26 04:36:51 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=BC061480F01EAB948744C6C5E24FB7A8 -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll

[2006/07/13 15:03:23 | 008,457,728 | ---- | M] (Microsoft Corporation) MD5=BCDA9264F73B21DF325A10D99C6FB44A -- C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll

[2005/09/23 04:05:29 | 008,450,560 | ---- | M] (Microsoft Corporation) MD5=C1BCFEC67E712B6A00AD00ADFCBFD02E -- C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shell32.dll

[2006/12/19 22:50:10 | 008,458,752 | ---- | M] (Microsoft Corporation) MD5=C21253CC2EA4001EB3D93CD98E9B35FE -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll

[2006/07/13 14:33:27 | 008,453,632 | ---- | M] (Microsoft Corporation) MD5=F056B4771408966694DE5D9BF79B48F8 -- C:\WINDOWS\$hf_mig$\KB921398\SP2GDR\shell32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1

< End of report >


I just downloaded combofix again and ran it. It rebooted windows but didn't open a log window. Has it stored the logfile somewhere? If so, how do I access it to post it here?

Thanks


log is usually saved here

c:\combofix.txt

open taskmanager again

Go to File task(run)---> cmd and press ok

type the following

ren C:\windows\system32\uxtheme.dll uxtheme.dll.vir

press enter.

Let me know if windows doesn't replace the file. You may need to reboot your computer. Let me know if your desktop doesn't appear again. Thanks


Hello again,

log is usually saved here

c:\combofix.txt

Yes, that's what I understood but windows can't find it there and, when browsing, I can't see any .txt files in the combofix folder

open taskmanager again

Go to File task(run)---> cmd and press ok

type the following

ren C:\windows\system32\uxtheme.dll uxtheme.dll.vir

press enter.

Let me know if windows doesn't replace the file. You may need to reboot your computer. Let me know if your desktop doesn't appear again. Thanks

I did as you suggest above but I'm stuck with the error message "The filename, directory name, or volume label syntax is incorrect". This is, I think, because the cursor is flashing at C:\Documents and Setting\David> and, I'm ashamed to say, that I don't know the DOS commands to get to the C: drive. :welcome:


sorry about that

type in

cd c:\windows\system32

followed by the enter key. Then try renaming it again.

sorry about that

type in

cd c:\windows\system32

followed by the enter key. Then try renaming it again.

OK. As far as I can tell, it worked.


:P YES ;) IT WORKED :)

I rebooted for the changes to take effect and the desktop was back, looking how it should, and no sign of that !$**%! error message. Sjpritch25, I don't know what you did, or how renaming a file worked, but you're a lifesaver. Thank you sooooo much!

On top of the desktop icons was a combofix window with combofix still trying to create a logfile. So that answers why I couldn't find it. It had hung and, after an hour, I closed it and ran it again from scratch. Here is its log

ComboFix 10-06-23.03 - David 01/01/2002 3:03.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.512.146 [GMT 0:00]

Running from: c:\documents and settings\David\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Jane\gotomypc_438.exe

c:\windows\system\winspool.drv

c:\windows\system32\CMMGR32.EXE

c:\windows\system32\tmpf00.exe

c:\windows\system32\tmpf01.exe

.

---- Previous Run -------

.

C:\confin.sys

c:\documents and settings\David\Application Data\SystemProc\lsass.exe

c:\documents and settings\David\FTOINST.EXE

c:\documents and settings\David\FTOSUB.EXE

c:\documents and settings\David\FTWSK32.DLL

c:\documents and settings\David\FTWSKC32.DLL

c:\documents and settings\David\FTWTLBR.DLL

c:\documents and settings\David\FTWWRP32.DLL

c:\documents and settings\David\IMAGING.DLL

c:\documents and settings\David\IMPLODE.DLL

c:\documents and settings\David\INFOLINK.DLL

c:\documents and settings\David\PG30.DLL

c:\documents and settings\David\PGCNTL32.DLL

c:\documents and settings\David\TextEditor.dll

c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest

c:\windows\patch.exe

c:\windows\reg.reg

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((( Files Created from 2001-12-01 to 2002-01-01 )))))))))))))))))))))))))))))))

.

2010-06-21 13:36 . 2010-06-21 13:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-20 11:13 . 2010-06-20 11:13 -------- d-----w- c:\program files\Trend Micro

2010-06-15 06:29 . 2010-06-15 06:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

2010-05-13 19:48 . 2010-05-13 19:48 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\Temp

2010-04-28 07:53 . 2010-04-28 07:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-04-22 11:51 . 2010-04-22 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-04-22 11:51 . 2010-04-22 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-04-22 11:51 . 2010-04-28 07:52 -------- d-----w- c:\program files\McAfee Security Scan

2010-04-22 09:05 . 2010-04-22 09:05 -------- d-----w- c:\program files\Rolling Balls 1.0

2010-04-22 08:15 . 2010-04-22 08:15 361984 ----a-w- c:\windows\system32\Wild Growth Enchantment.scr

2010-04-15 11:08 . 2010-02-17 08:10 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-15 11:08 . 2010-02-16 13:25 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-08 08:02 . 2010-04-08 08:06 -------- d-----w- c:\program files\Eusing Free Registry Defrag

2010-04-08 07:53 . 2010-04-14 09:18 -------- d-----w- c:\program files\Free Internet Window Washer

2010-04-06 14:53 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-06 14:53 . 2010-06-21 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-06 14:53 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 07:39 . 2010-03-31 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound

2010-03-31 07:39 . 2010-03-31 07:39 -------- d-----w- c:\documents and settings\David\Application Data\NCH Swift Sound

2010-03-29 15:23 . 2010-03-29 15:23 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2010-03-29 14:32 . 2010-03-29 14:32 -------- d-----w- c:\documents and settings\David\Application Data\Uniblue

2010-03-26 21:42 . 2010-03-26 21:42 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer

2010-03-22 20:20 . 2010-03-22 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap

2010-03-15 22:24 . 2007-05-09 01:10 237552 ----a-w- c:\windows\system32\tpuninst.exe

2010-03-15 22:24 . 2010-03-15 22:24 -------- d-----w- c:\program files\Windows Update Remover

2010-03-15 13:10 . 2010-03-15 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems

2010-03-15 12:26 . 2010-03-15 12:26 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Real

2010-03-15 12:23 . 2010-03-15 12:23 -------- d-----w- c:\program files\Common Files\xing shared

2010-03-11 08:31 . 2010-03-11 09:25 -------- d-----w- c:\program files\SmartDraw 2010

2010-03-10 07:56 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-02-12 04:33 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-01-13 14:01 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll

2010-01-13 07:07 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-24 06:59 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll

2009-12-16 18:43 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe

2009-12-14 07:08 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll

2009-12-04 08:59 . 2009-12-04 08:59 -------- d-----w- c:\documents and settings\David\Application Data\AVG8

2009-12-03 13:02 . 2009-12-03 13:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe

2009-11-27 16:07 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll

2009-10-21 05:38 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll

2009-09-09 08:57 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-04 21:03 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll

2009-08-12 20:52 . 2009-08-12 20:54 34 ----a-w- c:\documents and settings\Shona\jagex_runescape_preferences.dat

2009-08-11 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-07-21 00:05 . 2009-07-21 00:05 1348432 ----a-w- c:\windows\system32\msxml4.dll

2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll

2009-07-17 16:22 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll

2009-07-11 18:25 . 2009-07-11 18:25 -------- d-sh--w- c:\documents and settings\Shona\IECompatCache

2009-07-03 05:54 . 2009-07-03 05:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-06-25 08:25 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll

2009-06-25 08:25 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll

2009-06-25 08:25 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll

2009-06-24 11:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

2009-06-20 15:13 . 2009-06-20 15:13 -------- d-sh--w- c:\documents and settings\Jane\PrivacIE

2009-06-20 13:14 . 2009-06-20 13:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-06-16 16:40 . 2009-06-16 16:40 -------- d-sh--w- c:\documents and settings\Jane\IETldCache

2009-06-16 14:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2009-06-16 14:36 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2009-06-15 09:05 . 2009-06-15 09:05 -------- d-sh--w- c:\documents and settings\David\IECompatCache

2009-06-15 08:56 . 2009-06-15 08:56 -------- d-sh--w- c:\documents and settings\David\PrivacIE

2009-06-15 07:39 . 2009-06-15 07:39 -------- d-sh--w- c:\documents and settings\David\IETldCache

2009-06-15 05:57 . 2009-06-15 05:57 -------- d-sh--w- c:\documents and settings\Shona\PrivacIE

2009-06-15 05:13 . 2009-06-15 05:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-15 05:12 . 2009-06-15 05:12 -------- d-sh--w- c:\documents and settings\Shona\IETldCache

2009-06-14 21:32 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-14 21:32 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-14 21:31 . 2010-04-15 10:59 -------- d-----w- c:\windows\ie8updates

2009-06-14 21:30 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-06-14 21:25 . 2009-06-14 21:29 -------- dc-h--w- c:\windows\ie8

2009-06-12 12:31 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe

2009-06-12 12:31 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe

2009-06-10 14:13 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll

2009-06-10 06:14 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll

2009-05-29 13:32 . 2010-02-25 12:28 -------- d-----w- c:\program files\NCH Software

2009-05-29 13:32 . 2009-05-29 13:33 -------- d-----w- c:\program files\NCH Swift Sound

2009-05-29 13:32 . 2009-05-29 13:34 -------- d-----w- c:\documents and settings\Shona\Application Data\NCH Swift Sound

2009-05-10 10:35 . 2009-05-10 10:35 -------- d-----w- c:\documents and settings\Shona\Local Settings\Application Data\Apple Computer

2009-05-10 10:34 . 2009-06-10 17:51 -------- d-----w- c:\documents and settings\Shona\Application Data\Audacity

2009-05-10 10:33 . 2009-05-10 10:33 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2009-05-07 15:32 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll

2009-05-03 20:06 . 2009-07-11 17:33 -------- d-----w- c:\documents and settings\Shona\Application Data\Canon

2009-04-30 14:45 . 2009-04-30 14:48 -------- d-----w- c:\windows\system32\Adobe

2009-04-24 18:07 . 2009-04-24 18:07 -------- d-----w- c:\documents and settings\Shona\Local Settings\Application Data\CANON_INC

2009-04-24 18:02 . 2009-10-01 07:09 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\CANON_INC

2009-04-17 09:48 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-04-17 09:48 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-04-17 09:48 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-04-17 09:48 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-04-17 09:48 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 09:48 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 09:48 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 09:48 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-04-17 09:48 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-04-17 09:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-04-17 09:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-04-15 14:51 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2009-04-10 12:17 . 2009-06-08 20:28 -------- d-----w- c:\documents and settings\Shona\Application Data\U3

2009-04-09 10:22 . 2009-04-09 10:22 -------- d-----w- c:\windows\system32\KB905474

2009-04-07 17:16 . 2009-04-07 17:16 -------- d-----w- c:\documents and settings\Shona\Application Data\PlayFirst

2009-04-07 16:31 . 2003-03-24 08:00 68096 -c--a-w- c:\windows\system32\dllcache\dpnhupnp.dll

2009-04-07 16:22 . 2009-06-22 21:02 -------- d-----w- c:\program files\Pariah Singleplayer Demo

2009-04-04 11:21 . 2010-06-14 08:16 -------- d-----w- C:\$AVG8.VAULT$

2009-04-03 18:59 . 2009-04-03 18:59 -------- d-----w- c:\program files\IVT Corporation

2009-04-02 19:08 . 2009-04-28 16:05 -------- d-----w- c:\documents and settings\Jane\Application Data\FrostWire

2009-04-02 19:05 . 2009-04-02 19:05 -------- d-----w- c:\program files\AskBarDis

2009-03-31 13:24 . 2009-08-21 08:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-03-31 13:24 . 2009-08-21 08:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-03-31 13:24 . 2009-05-13 11:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-03-31 13:24 . 2001-12-31 23:19 -------- d-----w- c:\windows\system32\drivers\Avg

2009-03-31 13:24 . 2009-12-04 09:13 -------- d-----w- c:\program files\AVG

2009-03-31 13:24 . 2009-12-04 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-03-31 12:34 . 2009-03-31 12:34 -------- d-----w- C:\Idapi32

2009-03-31 12:34 . 2009-03-31 12:34 -------- d-----w- C:\WinPers

2009-03-22 20:10 . 2009-03-23 19:36 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\CANON_INC

2009-03-22 09:33 . 2009-04-03 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth

2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll

2009-03-19 16:31 . 2009-05-25 11:28 -------- d-----w- c:\documents and settings\Jane\Application Data\Spotify

2009-03-19 16:31 . 2009-05-25 11:23 -------- d-----w- c:\documents and settings\Jane\Local Settings\Application Data\Spotify

2009-03-19 16:31 . 2009-03-19 16:31 -------- d-----w- c:\program files\Spotify

2009-03-17 16:13 . 2009-03-17 16:13 -------- d-----w- c:\documents and settings\Jane\Application Data\EleFun Games

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-19 10:32 . 2003-05-01 20:27 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-18 16:43 . 2008-12-06 16:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-02-18 08:23 . 2008-12-06 15:59 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-01-13 14:01 . 2004-08-04 12:00 86016 ----a-w- c:\windows\system32\cabview.dll

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-24 06:59 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-15 16:28 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-10-15 16:28 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-01 06:43 . 2003-05-01 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-01 06:43 . 2003-05-01 20:22 -------- d-----w- c:\program files\Pinnacle

2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-25 09:17 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2009-08-14 13:21 . 2004-08-04 12:00 1850624 ----a-w- c:\windows\system32\win32k.sys

2009-08-07 12:16 . 2009-08-07 12:16 -------- d-----w- c:\program files\MSBuild

2009-08-07 12:16 . 2009-08-07 12:16 -------- d-----w- c:\program files\Reference Assemblies

2009-08-06 18:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-31 10:05 . 2008-07-21 23:27 1372672 ------w- c:\windows\system32\msxml6.dll

2009-07-31 04:35 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 16:22 . 2004-08-04 12:00 1435648 ----a-w- c:\windows\system32\query.dll

2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-01 22:02 . 2004-08-04 12:00 604160 ----a-w- c:\windows\system32\wmspdmod.dll

2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll

2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll

2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll

2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll

2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll

2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe

2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll

2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll

2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w- c:\windows\system32\ntdll.dll

2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\advapi32.dll

2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w- c:\windows\system32\rpcss.dll

2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w- c:\windows\system32\services.exe

2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w- c:\windows\system32\sc.exe

2009-01-04 20:01 . 2009-01-04 20:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf

2009-01-04 20:01 . 2009-01-04 20:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf

2009-01-01 20:12 . 2009-01-01 20:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2009-01-01 20:12 . 2009-01-01 20:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-12-16 21:38 . 2008-12-16 21:38 85302 ----a-w- c:\windows\system32\drivers\LVFeL002.cfg

2008-12-16 21:38 . 2008-12-16 21:38 69592 ----a-w- c:\windows\system32\drivers\LVFaL000.cfg

2008-12-16 21:38 . 2008-12-16 21:38 227172 ----a-w- c:\windows\system32\drivers\LVFeL000.cfg

2008-12-16 21:38 . 2008-12-16 21:38 146680 ----a-w- c:\windows\system32\drivers\LVFeL001.cfg

2008-10-27 10:04 . 2009-03-12 17:09 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2008-10-27 10:04 . 2009-03-12 17:09 235856 ----a-w- c:\windows\system32\xactengine3_3.dll

2008-10-27 10:04 . 2009-03-12 17:09 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll

2008-10-27 10:04 . 2009-03-12 17:09 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2008-10-23 12:36 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\gdi32.dll

2008-10-10 04:52 . 2009-03-12 17:09 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2008-10-10 04:52 . 2009-03-12 17:09 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2008-10-10 04:52 . 2009-03-12 17:09 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2008-08-14 10:04 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2008-08-02 18:29 . 2003-05-01 20:00 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

2008-07-30 06:20 . 2009-03-12 17:09 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2008-07-30 06:20 . 2009-03-12 17:09 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2008-07-30 06:20 . 2009-03-12 17:09 238088 ----a-w- c:\windows\system32\xactengine3_2.dll

2008-07-16 11:03 . 2003-05-01 20:38 -------- d-----w- c:\program files\PCI Audio Applications

2008-07-10 11:01 . 2009-03-12 17:09 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2008-07-10 11:00 . 2009-03-12 17:09 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2008-07-10 11:00 . 2009-03-12 17:09 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2008-07-07 20:26 . 2004-08-04 12:00 253952 ----a-w- c:\windows\system32\es.dll

2008-07-06 12:06 . 2009-08-07 12:14 117760 ------w- c:\windows\system32\prntvpt.dll

2008-07-06 12:06 . 2009-08-07 12:14 575488 ------w- c:\windows\system32\xpsshhdr.dll

2008-07-06 12:06 . 2009-08-07 12:14 1676288 ------w- c:\windows\system32\xpssvcs.dll

2008-06-24 16:43 . 2004-08-04 12:00 74240 ----a-w- c:\windows\system32\mscms.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-08 21:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GMX_GMX File Storage Manager"="c:\program files\GMX\GMX File Storage Manager\DAVSRV.EXE" [2008-07-29 942080]

"ILO_Office_Manager"="IntEdReg.exe" [2002-10-15 53760]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-21 08:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2001-10-22 17:24 1216512 ----a-r- c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ILO_Office_Manager]

2002-10-15 00:30 53760 ----a-w- c:\windows\system32\intedreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-05-02 14:19 4640768 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2003-05-02 14:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-05-02 14:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-15 12:21 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:limewire

"6346:UDP"= 6346:UDP:Frostwire

R0 Fasttrak;Fasttrak;c:\windows\system32\drivers\Fasttrak.sys [20/12/2001 18:49 70528]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/03/2009 13:24 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/03/2009 13:24 108552]

R1 uigcrdr;uigcrdr;c:\windows\system32\drivers\uigcrdr.SYS [17/01/2009 11:01 149248]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/03/2009 13:24 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/03/2009 13:24 297752]

R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27/12/2007 14:39 51816]

R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [01/05/2003 20:22 6369]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 19:48 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [24/06/2007 14:52 13532]

.

Contents of the 'Scheduled Tasks' folder

2008-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2002-01-01 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-30 06:57]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c5457c30198.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 19:48]

2002-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-05-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1580818891-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2002-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-05-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1580818891-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{1D9EB272-00C4-4F1F-A8E2-8C2A739B0956}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{2A220EF1-366B-4CD1-B394-061FCE905A9B}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-04-02 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 21:18]

2007-06-30 c:\windows\Tasks\Windows Movie Maker.job

- c:\progra~1\MOVIEM~1\moviemk.exe [2004-05-26 15:28]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.fenlea.co.uk/controls/IlosoftImageUpload.dll

FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\pfuqip7a.default\

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "Search the Web");.

- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)

HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\David\Application Data\SystemProc\lsass.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2002-01-01 03:25

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

RTHDBPL = c:\documents and settings\David\Application Data\SystemProc\lsass.exe???????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7560)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\GMX\GMX File Storage Manager\ExplorerHook.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\System32\uigcnp.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\System32\logon.scr

.

**************************************************************************

.

Completion time: 2002-01-01 03:40:06 - machine was rebooted

ComboFix-quarantined-files.txt 2002-01-01 03:39

ComboFix2.txt 2010-06-20 15:26

Pre-Run: 15,657,218,048 bytes free

Post-Run: 15,616,622,592 bytes free

- - End Of File - - E4CC3C48AB69CBE17CDE98D496091CD7

How clean is this now?


Arg! So high so low. :P I just went to open a genealogy program and got the error message "FTW.exe This application has failed to start because FtwWrp32.dll was not found. Reinstalling the application may fix this problem". Is this symptomatic of a continued infection or is this another damaged/renamed dll file?


Well it would seem ComboFix didn't like the location of the dll. Not sure why it was placed there. Did you place that file there?

I need another log to replace the files

Please post this log for me. Thanks.

C:\Qoobox\ComboFix-quarantined-files.txt

I will let the developer know about the false positive. I will need an explanation of why those files are placed there too. Thanks.

c:\documents and settings\David\FTOINST.EXE
c:\documents and settings\David\FTOSUB.EXE
c:\documents and settings\David\FTWSK32.DLL
c:\documents and settings\David\FTWSKC32.DLL
c:\documents and settings\David\FTWTLBR.DLL
c:\documents and settings\David\FTWWRP32.DLL
c:\documents and settings\David\IMAGING.DLL
c:\documents and settings\David\IMPLODE.DLL
c:\documents and settings\David\INFOLINK.DLL
c:\documents and settings\David\PG30.DLL
c:\documents and settings\David\PGCNTL32.DLL
c:\documents and settings\David\TextEditor.dll

Well it would seem ComboFix didn't like the location of the dll. Not sure why it was placed there. Did you place that file there?

Nope. I wouldn't know how!

I need another log to replace the files

Please post this log for me. Thanks.

C:\Qoobox\ComboFix-quarantined-files.txt

Here it is.

2010-06-22 09:36:21 . 2002-01-01 03:16:16 11,517 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-06-20 15:23:47 . 2002-01-01 03:37:42 121 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-SITEguard.reg.dat

2010-06-20 12:46:55 . 2010-06-22 09:36:52 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MYWEBSEARCHSERVICE.reg.dat

2010-06-20 11:44:57 . 2002-01-01 02:56:21 255 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-06-14 21:00:11 . 2010-06-14 21:00:11 9 ----a-w- C:\Qoobox\Quarantine\C\confin.sys.vir

2010-06-14 21:00:07 . 2010-06-14 21:00:01 66,560 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\SystemProc\lsass.exe.vir

2010-06-14 21:00:05 . 2010-06-15 07:18:58 151 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest.vir

2010-04-22 08:15:29 . 2010-04-22 08:15:29 540 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\readme.txt.vir

2010-03-11 08:35:40 . 2010-03-11 09:25:41 86 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\System\win_qs8.jqx.vir

2009-05-25 11:20:43 . 2009-05-25 11:20:43 726,008 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jane\gotomypc_438.exe.vir

2008-07-16 11:02:48 . 2008-07-16 11:02:48 0 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\CMMGR32.EXE.vir

2007-08-30 08:49:51 . 2007-08-30 08:49:51 238 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\u2g.f.vir

2007-05-17 12:38:02 . 2008-08-27 20:35:12 86 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jane\System\win_qs8.jqx.vir

2007-01-16 11:15:08 . 2007-01-16 11:15:08 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\err.log.vir

2006-02-19 20:49:19 . 2006-02-19 20:50:34 283 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmpf01.exe.vir

2006-02-19 11:40:35 . 2006-02-19 22:09:51 283 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmpf00.exe.vir

2005-04-21 08:59:06 . 2005-04-21 08:59:06 131,072 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir

2005-04-18 13:45:34 . 2005-04-18 12:45:34 242 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.inf.vir

2005-01-02 21:38:04 . 2005-01-02 21:38:04 12 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\System\win_qs7.jqx.vir

2005-01-01 20:01:32 . 2005-01-01 20:02:40 636 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\REG.REG.vir

2004-08-21 20:29:58 . 1999-02-09 17:00:20 36,352 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWTLBR.DLL.vir

2004-08-20 20:51:53 . 1999-02-09 17:00:20 19,968 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWSKC32.DLL.vir

2004-08-20 20:37:26 . 1999-02-09 17:00:20 203,264 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\TextEditor.dll.vir

2004-08-20 20:37:24 . 1999-02-09 17:00:20 57,344 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\PGCNTL32.DLL.vir

2004-08-20 20:37:24 . 1999-02-09 17:00:20 340,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\PG30.DLL.vir

2004-08-20 20:37:24 . 1999-02-09 17:00:20 17,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\IMPLODE.DLL.vir

2004-08-20 20:37:24 . 1999-02-09 17:00:20 74,240 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\INFOLINK.DLL.vir

2004-08-20 20:37:24 . 1999-02-09 17:00:20 54,784 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\IMAGING.DLL.vir

2004-08-20 20:37:24 . 1999-02-09 17:00:20 235,520 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWWRP32.DLL.vir

2004-08-10 14:41:27 . 1999-02-09 17:00:20 38,912 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTOINST.EXE.vir

2004-08-10 14:41:12 . 1999-02-09 17:00:20 62,464 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTOSUB.EXE.vir

2004-08-10 14:38:28 . 1999-02-09 17:00:20 19,968 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWSK32.DLL.vir

2004-08-04 12:00:00 . 2008-04-14 00:11:59 33,792 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msgsvc.dll.vir

2004-08-04 12:00:00 . 2008-04-13 18:40:30 96,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir

2003-09-09 06:40:16 . 2003-12-15 10:20:35 286,720 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\PATCH.EXE.vir

2003-08-12 19:37:11 . 2006-03-04 16:13:27 53,224 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\xpsp1hfm.log.vir

2003-05-05 10:44:21 . 2003-02-06 13:32:48 275 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\Readme.txt.vir

2003-05-01 20:52:04 . 2008-04-14 00:12:45 146,432 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\winspool.drv.vir

2002-01-01 03:37:49 . 2002-01-01 03:37:49 186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Explorer_Run-RTHDBPL.reg.dat

1998-01-07 14:50:06 . 1998-01-07 14:50:06 71,168 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\desktop\colrpikr.xls.vir

I will let the developer know about the false positive. I will need an explanation of why those files are placed there too. Thanks.

c:\documents and settings\David\FTOINST.EXE
c:\documents and settings\David\FTOSUB.EXE
c:\documents and settings\David\FTWSK32.DLL
c:\documents and settings\David\FTWSKC32.DLL
c:\documents and settings\David\FTWTLBR.DLL
c:\documents and settings\David\FTWWRP32.DLL
c:\documents and settings\David\IMAGING.DLL
c:\documents and settings\David\IMPLODE.DLL
c:\documents and settings\David\INFOLINK.DLL
c:\documents and settings\David\PG30.DLL
c:\documents and settings\David\PGCNTL32.DLL
c:\documents and settings\David\TextEditor.dll

I have no idea. I can see them on the combofix log, but it's all Greek to me.

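The quarantine listing above is exactly the kind of artefact a responder has to read quickly: which removals were real malware, which may be collateral, and which may be false positives. As an added example (my code, not ComboFix's and not anything the thread asked the user to run), the Python script below parses that listing and applies three checks a practitioner would make on it: an OS process name living outside system32 (the Application Data\SystemProc\lsass.exe entry), loose executables dropped in a user profile root (the FTW* files the helper suspects are a false positive), and core Windows files that were removed and should have a clean copy in place. The line layout, the sample lines and the verdict labels are assumptions taken from the posted log; the heuristics are mine and are a starting point for manual review, not a replacement for hashing the files and checking their version information.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: five lines copied from the quarantine listing
# posted above (one registry backup, four quarantined files).
SAMPLE_LOG = r"""
2010-06-14 21:00:07 . 2010-06-14 21:00:01 66,560 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\Application Data\SystemProc\lsass.exe.vir
2010-04-22 08:15:29 . 2010-04-22 08:15:29 540 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\readme.txt.vir
2004-08-20 20:37:24 . 1999-02-09 17:00:20 235,520 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWWRP32.DLL.vir
2004-08-04 12:00:00 . 2008-04-13 18:40:30 96,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
2002-01-01 03:37:49 . 2002-01-01 03:37:49 186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Explorer_Run-RTHDBPL.reg.dat
"""

# Assumed line layout: <quarantine time> . <original mtime> <size> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<qtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"

# Process names that only legitimately run from system32 (explorer.exe lives
# in C:\WINDOWS, so it is deliberately left out).
SYSTEM32_PROCESSES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe",
                      "svchost.exe", "winlogon.exe"}
EXEC_EXTS = (".exe", ".dll", ".sys", ".drv", ".ocx", ".scr")
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|system)\\", re.I)


@dataclass
class Entry:
    quarantined_at: str
    modified_at: str
    size: int
    attrs: str
    quarantine_path: str
    original_path: Optional[str]  # None for registry backups and tool logs


def to_original_path(qpath: str) -> Optional[str]:
    r"""Map C:\Qoobox\Quarantine\C\dir\file.vir back to C:\dir\file."""
    if not qpath.lower().startswith(QUARANTINE_ROOT.lower()):
        return None
    rest = qpath[len(QUARANTINE_ROOT):]
    if not rest.lower().endswith(".vir"):
        return None
    drive, _, tail = rest[:-4].partition("\\")
    if len(drive) != 1 or not drive.isalpha():
        return None
    return f"{drive}:\\{tail}"


def parse_log(text: str) -> List[Entry]:
    """Parse every well-formed line; blank or unrelated lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(m["qtime"], m["mtime"], int(m["size"].replace(",", "")),
                             m["attrs"], m["path"], to_original_path(m["path"])))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Heuristic verdict for one quarantined file; None means nothing notable."""
    path = entry.original_path
    if path is None:
        return None
    name = path.rsplit("\\", 1)[-1].lower()
    legit = re.match(r"^[a-z]:\\windows\\system32\\" + re.escape(name) + "$", path, re.I)
    if name in SYSTEM32_PROCESSES and not legit:
        # OS process name outside system32 (here ...\SystemProc\lsass.exe): a masquerade.
        return "masquerade"
    if not name.endswith(EXEC_EXTS):
        return None
    if PROFILE_ROOT_RE.match(path):
        # Loose binaries in a profile root are odd but can be an old installer's
        # leftovers: check version info and hashes before calling them malware.
        return "profile-root-binary"
    if WINDOWS_DIR_RE.match(path):
        # A core Windows file was removed; confirm a clean copy was restored.
        return "os-file"
    return None


def triage_log(text: str) -> Dict[str, List[str]]:
    """Group the files in a quarantine listing by verdict (unremarkable files omitted)."""
    findings: Dict[str, List[str]] = {}
    for e in parse_log(text):
        verdict = triage(e)
        if verdict:
            findings.setdefault(verdict, []).append(e.original_path)
    return findings
```

Run against the sample, `triage_log` puts the SystemProc\lsass.exe entry under "masquerade", the FTWWRP32.DLL entry under "profile-root-binary" and atapi.sys under "os-file", while readme.txt and the registry backup produce nothing. The "profile-root-binary" bucket is the one to hand-check before submitting anything as a false positive: the 1999 modification times on those files in the posted log are consistent with an old application's components, but only version information and hashes settle it.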

Looking again at the ComboFix log I noticed this entry:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GMX_GMX File Storage Manager"="c:\program files\GMX\GMX File Storage Manager\DAVSRV.EXE" [2008-07-29 942080]

"ILO_Office_Manager"="IntEdReg.exe" [2002-10-15 53760]

I don't understand it, and I don't know whether it's relevant, but my GMX file storage stopped working a few weeks back.


Open notepad and copy/paste the text in the codebox below into it:

@echo off
rem Bundle the quarantined files for submission. Each path is quoted because
rem the paths contain spaces and an unquoted "for" set is split at spaces.
rem Assumes a command-line zip tool (zip.exe) is on the PATH; Windows XP does
rem not ship one.
for %%g in (
"C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWSK32.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\FTOSUB.EXE.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\FTOINST.EXE.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWWRP32.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\IMAGING.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\INFOLINK.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\IMPLODE.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\PG30.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\PGCNTL32.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\TextEditor.dll.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWSKC32.DLL.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\David\FTWTLBR.DLL.vir"
"C:\Qoobox\Quarantine\C\WINDOWS\desktop\colrpikr.xls.vir"
) do zip Files_for_submission "%%~g"
rem The script removes itself once the archive has been written.
del %0

Save this as grab.bat

Choose to "Save type as - All Files"

Save it on your desktop.

It should look like this: bat_icon.gif

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Please upload that file here --> http://www.bleepingcomputer.com/submit-mal....php?channel=70
