
[Closed] is my computer infected? malwarebytes won't run, runtime


  • This topic is locked
20 replies to this topic

#1 rowe

rowe

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 October 2009 - 02:57 AM

Hello whatthetech team, I'm new here and not really familiar with what to do. I came here to seek your help. I think my computer is infected and it's responsible for blocking my anti-malware programs. Please help. I have Windows XP. :(

Edited by rowe, 14 October 2009 - 02:57 AM.



#2 chamber

chamber

    G2G Staff

  • Authentic Member
  • PipPip
  • 140 posts

Posted 14 October 2009 - 03:25 AM

Hi rowe,

:welcome:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware.

#3 rowe


Posted 14 October 2009 - 03:43 AM

Attached File: Attach.txt (13.02KB)

Hello chamber, thanks for replying :) Here's my DDS.txt

and I have attached my Attach.txt

#4 chamber


Posted 14 October 2009 - 04:17 AM

I noticed that you have previously run ComboFix. This is very dangerous, as ComboFix is a very powerful tool and can cause damage to your system if not used properly.

Do you have the log that it produced? If so please post it here.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#5 rowe


Posted 14 October 2009 - 04:29 AM

It was my cousin who installed ComboFix, and I've read that it is indeed dangerous if used unsupervised. I would also like to remove this; I'm afraid it might damage my computer. I can't find any log of it anywhere on my computer. I would like to ask one question before I follow your instructions: should I do ERUNT first, or is it okay if I don't at the moment? Thank you again chamber, hoping we can fix this if the computer does indeed have some infections. :-)

Edited by rowe, 14 October 2009 - 04:30 AM.


#6 chamber


Posted 14 October 2009 - 04:45 AM

You can do ERUNT first. The ComboFix log should be located at C:\Combofix.txt


#7 rowe


Posted 14 October 2009 - 05:14 AM

Here's my OTL.txt :-)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.104.135.63 58.69.254.199
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/06/15 23:01:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/10/11 14:09:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/10/14 14:28:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/11 14:06:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/10/08 15:04:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\minemine\Application Data
[2009/10/08 15:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Adobe
[2009/10/09 14:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Apple Computer
[2009/10/08 13:51:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Dealio
[2009/10/08 08:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\FreeFLVConverter
[2009/10/08 15:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Google
[2009/10/08 15:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Identities
[2009/10/11 14:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\InstallShield
[2009/10/08 15:21:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Macromedia
[2009/10/08 15:04:31 | 00,000,000 | --SD | C] -- C:\Documents and Settings\minemine\Application Data\Microsoft
[2009/10/08 17:23:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\PC Suite
[2009/10/08 13:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Search Settings
[2009/10/08 17:22:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Sony Ericsson
[2009/10/14 16:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Sun
[2009/10/08 17:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Teleca
[2009/10/11 14:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Application Data\Ulead Systems
[2009/10/08 15:04:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data
[2009/10/08 07:58:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data\Apple Computer
[2009/10/08 15:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data\ApplicationHistory
[2009/10/08 15:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data\Google
[2009/10/08 15:04:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data\Microsoft
[2009/10/08 15:18:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data\PCHealth
[2009/10/08 07:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\Local Settings\Application Data\VDT
[2009/10/11 14:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2009/10/11 14:03:50 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/10/08 09:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2009/10/14 19:16:53 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/03 01:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/08 08:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2009/10/13 22:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 09:01:24 | 00,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2009/10/11 14:07:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/10/08 07:41:34 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/10/14 19:21:26 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\minemine\Desktop\OTL.exe
[2009/10/14 19:13:07 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\minemine\Desktop\erunt_setup.exe
[2009/10/14 15:27:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/14 14:27:31 | 01,560,952 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\minemine\Desktop\MGADiag.exe
[2009/10/13 22:53:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/13 22:53:00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/11 14:11:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\minemine\My Documents\Corel VideoStudio
[2009/10/08 16:31:37 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\minemine\Desktop\RootRepeal.exe
[2009/10/08 16:31:14 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\minemine\Desktop\OTS.exe
[2009/10/08 15:12:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\minemine\My Documents\My Music
[2009/10/08 15:12:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\minemine\My Documents\My Pictures
[2009/10/08 14:18:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/08 14:15:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/08 14:15:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/08 14:15:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/08 14:15:55 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/08 14:15:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/08 14:15:48 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15117.exe
[2009/10/08 14:15:48 | 00,000,000 | --SD | C] -- C:\minemine
[2009/10/08 14:15:14 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/08 09:00:01 | 00,315,392 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009/10/08 08:59:57 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/10/08 08:59:57 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2009/10/08 08:59:56 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL
[2009/10/08 08:59:55 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/10/08 08:59:54 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/10/08 08:37:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\minemine\My Documents\My Videos
[2009/10/06 17:22:54 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/10/06 17:22:53 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/10/06 17:22:52 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/10/06 17:22:50 | 00,939,368 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2009/10/06 17:22:50 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.ocx
[2009/10/06 17:22:48 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2009/10/06 17:22:47 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/10/06 17:22:46 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/10/06 17:22:45 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2009/10/05 14:36:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/05 06:18:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2006/06/16 22:10:19 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2004/11/01 16:30:00 | 00,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/11/01 16:26:36 | 00,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/11/01 16:24:00 | 00,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/11/01 16:19:00 | 00,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/11/01 16:17:26 | 01,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/11/01 16:07:50 | 00,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/10/14 19:21:26 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\minemine\Desktop\OTL.exe
[2009/10/14 19:16:56 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\minemine\Desktop\NTREGOPT.lnk
[2009/10/14 19:16:56 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\minemine\Desktop\ERUNT.lnk
[2009/10/14 19:13:08 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\minemine\Desktop\erunt_setup.exe
[2009/10/14 17:54:08 | 00,331,264 | ---- | M] () -- C:\Documents and Settings\minemine\Desktop\dds.scr
[2009/10/14 17:07:38 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/14 15:27:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/14 14:27:32 | 01,560,952 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\minemine\Desktop\MGADiag.exe
[2009/10/14 14:13:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/14 14:10:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/13 22:54:16 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\minemine\Local Settings\Application Data\IconCache.db
[2009/10/13 22:53:06 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/13 18:51:22 | 00,085,984 | ---- | M] () -- C:\Documents and Settings\minemine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/12 01:51:50 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/12 01:18:02 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1592454029-839522115-500Core.job
[2009/10/11 21:10:06 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\minemine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 20:48:58 | 00,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/09 14:40:48 | 00,001,062 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/08 16:40:28 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\minemine\Desktop\settings.dat
[2009/10/08 16:31:42 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\minemine\Desktop\RootRepeal.exe
[2009/10/08 16:31:24 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\minemine\Desktop\OTS.exe
[2009/10/08 15:10:24 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/08 14:25:42 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2009/10/08 14:18:06 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/08 14:15:08 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF15117.exe
[2009/10/08 13:55:12 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\.sys
[2009/10/06 12:22:06 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/06 12:17:14 | 00,000,109 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/02 11:50:28 | 00,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe

========== Files - No Company Name ==========
[2009/10/14 19:16:54 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\minemine\Desktop\NTREGOPT.lnk
[2009/10/14 19:16:54 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\minemine\Desktop\ERUNT.lnk
[2009/10/14 17:54:08 | 00,331,264 | ---- | C] () -- C:\Documents and Settings\minemine\Desktop\dds.scr
[2009/10/13 22:53:05 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/11 14:09:23 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/10/11 14:09:22 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/10/11 14:09:22 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/10/11 14:09:22 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/10/11 14:09:22 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/10/11 14:09:22 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/10/09 14:23:00 | 00,085,984 | ---- | C] () -- C:\Documents and Settings\minemine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/08 16:39:15 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\minemine\Desktop\settings.dat
[2009/10/08 15:51:38 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\minemine\Local Settings\Application Data\IconCache.db
[2009/10/08 15:04:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\minemine\Application Data\desktop.ini
[2009/10/08 14:25:41 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2009/10/08 14:18:05 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2009/10/08 14:18:04 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/08 14:15:55 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/08 14:15:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/08 14:15:55 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/08 14:15:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/08 08:59:57 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2009/10/08 08:59:57 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2009/10/08 08:59:55 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2009/10/06 17:22:47 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2009/10/06 17:22:44 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/10/06 07:58:31 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\.sys
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/23 13:55:46 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VYAAUFMZPWQQ.SYS
[2008/08/22 21:49:07 | 00,000,109 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/26 13:37:09 | 00,000,186 | ---- | C] () -- C:\WINDOWS\TB50.INI
[2008/06/20 16:45:27 | 00,000,138 | ---- | C] () -- C:\WINDOWS\asym.ini
[2008/06/18 09:44:08 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008/04/06 22:24:50 | 00,000,023 | ---- | C] () -- C:\WINDOWS\VBCTL3D.INI
[2008/04/06 22:17:55 | 00,595,160 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
[2008/04/06 22:17:48 | 00,589,960 | ---- | C] () -- C:\WINDOWS\System32\brgrt.dll
[2008/04/06 22:09:41 | 00,001,690 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
[2008/04/06 22:09:40 | 00,000,116 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
[2007/12/26 21:08:36 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/08/15 10:11:40 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/08 10:38:08 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2007/05/10 17:58:00 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/03/04 21:20:10 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2007/01/13 12:46:20 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/12/29 22:13:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/01 16:08:57 | 00,000,318 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2006/11/01 16:08:46 | 00,000,415 | ---- | C] () -- C:\WINDOWS\superball.ini
[2006/10/29 22:33:14 | 00,000,323 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2006/10/26 19:55:57 | 00,000,023 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2006/10/26 19:51:18 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI
[2006/10/26 19:39:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WordSearch.INI
[2006/10/11 22:35:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/06/21 00:58:20 | 00,000,268 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/06/16 22:10:19 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/06/16 22:10:19 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/06/16 22:10:19 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/06/16 01:56:34 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/06/16 01:56:33 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2006/06/16 00:30:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/16 00:20:57 | 00,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/06/16 00:19:21 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/06/16 00:19:13 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/08 00:13:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/03/08 00:11:44 | 00,106,496 | ---- | C] () -- C:\Documents and Settings\minemine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/04/28 02:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 02:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/11/01 16:56:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/11/01 16:53:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/11/01 16:52:46 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/04 01:07:00 | 00,001,062 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 01:07:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/17 08:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[1998/06/13 23:53:26 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

========== LOP Check ==========

[2006/03/08 00:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/26 15:44:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/12/29 22:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/09/08 00:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2009/01/29 17:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/06/16 01:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/01/13 23:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/07/06 07:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/11 14:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/11/29 02:58:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/01/13 23:55:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/10/07 22:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2006/11/12 11:37:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/10/11 14:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/03/08 00:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2006/03/08 00:13:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\minemine\Application Data
[2009/10/08 13:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\minemine\Application Data\Dealio
[2009/10/08 08:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\minemine\Application Data\FreeFLVConverter
[2009/10/08 17:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\minemine\Application Data\PC Suite
[2009/10/08 13:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\minemine\Application Data\Search Settings
[2009/10/08 17:23:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\minemine\Application Data\Teleca
[2009/10/11 14:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\minemine\Application Data\Ulead Systems
[2004/08/04 09:07:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/24 17:15:02 | 00,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/10/14 14:13:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/14 17:07:38 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2008/12/07 17:52:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpy.job
[2009/10/08 15:10:24 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2009/10/12 01:18:02 | 00,000,958 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1592454029-839522115-500Core.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 01:07:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2004/08/04 01:07:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

#8 rowe


Posted 14 October 2009 - 05:18 AM

here's my Extras.txt :-)

OTL Extras logfile created on: 10/14/2009 7:29:34 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\minemine\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.30 Mb Total Physical Memory | 130.09 Mb Available Physical Memory | 58.26% Memory free
661.66 Mb Paging File | 319.86 Mb Available in Paging File | 48.34% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 3.07 Gb Free Space | 15.72% Space Free | Partition Type: FAT32
Drive D: | 17.72 Gb Total Space | 4.64 Gb Free Space | 26.21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-4FF4E76E9B2D
Current User Name: minemine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe" = C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Disabled:BookWorm -- ()
"E:\mad caps\madcaps_r1a.exe" = E:\mad caps\madcaps_r1a.exe:*:Disabled:Mad Caps -- File not found
"C:\Program Files\PopCap Games\AstroPop Deluxe\WinAP.exe" = C:\Program Files\PopCap Games\AstroPop Deluxe\WinAP.exe:*:Disabled:AstroPop Deluxe -- File not found
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe" = C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Disabled:mRouterRuntime Module -- (Intuwave Ltd.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"D:\GOB\virus\limewire\LimeWire.exe" = D:\GOB\virus\limewire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"D:\gob\bittorrent\bittorrent.exe" = D:\gob\bittorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{06040081-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Premium 2006 DVD
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E76BE75-F256-4BA4-A9A3-F433AD3D2D00}" = Sony Ericsson PC Suite for Smartphones
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.05
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = Sony Ericsson PC Suite for Smartphones
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"BookWorm Deluxe 1.03" = BookWorm Deluxe 1.03
"CCleaner" = CCleaner (remove only)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"Ear Training 1013.1" = Ear Training 101
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Express" = Express Dictate
"Free FLV Converter_is1" = Free FLV Converter V 6.7.1
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"mRouterRuntime" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia PC Suite" = Nokia PC Suite
"Photo Collage Creator_is1" = Photo Collage Creator 1.55
"SLAMRNTV" = Smart Link 56K Voice Modem
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/31/2008 6:04:55 AM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...12C/js/jsjac.js failed, 0000A413.

Error - 12/31/2008 12:50:05 PM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...12C/js/jsjac.js failed, 0000A413.

Error - 1/12/2009 7:55:07 AM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...12C/js/jsjac.js failed, 0000A413.

Error - 1/14/2009 7:48:41 AM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...12C/js/jsjac.js failed, 0000A413.

Error - 1/17/2009 2:29:48 AM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...12C/js/jsjac.js failed, 0000A413.

Error - 1/22/2009 12:06:08 PM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...12C/js/jsjac.js failed, 0000A413.

Error - 1/29/2009 6:30:31 PM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...01B/js/jsjac.js failed, 0000A413.

Error - 1/30/2009 7:11:46 AM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...01B/js/jsjac.js failed, 0000A413.

Error - 2/11/2009 6:47:50 PM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://images.friend...1B1/js/jsjac.js failed, 0000A413.

Error - 3/7/2006 12:23:08 PM | Computer Name = XP-4FF4E76E9B2D | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnDropFiles()
- User can drop files into USER section only..

[ Application Events ]
Error - 10/11/2009 9:37:44 PM | Computer Name = XP-4FF4E76E9B2D | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/13/2009 7:18:48 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:49 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:49 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:49 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:49 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:49 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:49 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:53 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:18:53 AM | Computer Name = XP-4FF4E76E9B2D | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/14/2009 1:55:40 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/14/2009 1:58:42 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 10/14/2009 2:15:18 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7000
Description = The C service failed to start due to the following error: %%2

Error - 10/14/2009 2:15:51 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 10/14/2009 2:15:51 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 10/14/2009 2:16:31 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 10/14/2009 2:16:31 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 10/14/2009 2:17:09 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 10/14/2009 2:17:09 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 10/14/2009 2:18:13 AM | Computer Name = XP-4FF4E76E9B2D | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#9 rowe


Posted 14 October 2009 - 05:20 AM

Also, there is no C:\Combofix.txt. :mellow:

#10 chamber


Posted 14 October 2009 - 05:57 AM

I'm not really seeing anything in there. Is there a specific error that shows when you try to use Malwarebytes?


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware.


#11 rowe


Posted 14 October 2009 - 06:15 AM

When I run Malwarebytes, it scans for maybe 5 seconds, then shows this response: "Run-time error '5' Invalid procedure call or arguments", then closes. When I run Ad-Aware by Lavasoft, it shows "System error: 1814 has occured. Description: Could not login to service. Are you running this application as another user? Application terminates." But when I use avast, it has no problems whatsoever. That's why I became suspicious. What should I do? :mellow:

#12 chamber


Posted 14 October 2009 - 06:28 AM

Delete the copy of ComboFix if you still have it.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


#13 rowe


Posted 14 October 2009 - 07:35 AM

chamber, I can't remove ComboFix using "combofix /u" in the Run command. How can I remove it?

#14 chamber


Posted 14 October 2009 - 08:15 AM

Just delete the .exe file if it is on your desktop. Don't worry about ComboFix /u


#15 rowe


Posted 14 October 2009 - 09:16 AM

Here's my Combo-fix.txt result. I wonder why there are a lot of "FOUND" folders in my C drive, from "FOUND.000" to "FOUND.068"? :huh:


ComboFix 09-10-13.04 - minemine 10/14/2009 22:58.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223.93 [GMT 8:00]
Running from: c:\documents and settings\minemine\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1229 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\QUAD Backups
c:\documents and settings\Administrator\Application Data\QUAD Backups\09.13.2009,09-04-59\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\09.13.2009,09-23-21\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\10.06.2009,06-31-00\Automatic.reg
c:\documents and settings\Administrator\Application Data\QUAD Backups\10.06.2009,13-28-15\Automatic.reg
c:\program files\Common Files\System\Uninstall
c:\program files\Internet Explorer\ws2help.dll
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Registration.reg
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\program files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Uninstal.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\program files\Windows Media Player\ws2help.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\655ee1.msp
c:\windows\Installer\655ee2.msp
c:\windows\Installer\655ee3.msp
c:\windows\Installer\655ee4.msp
c:\windows\Installer\655ee5.msp
c:\windows\Installer\655ee6.msp
c:\windows\Installer\6f07d5.msp
c:\windows\Installer\6f07d6.msp
c:\windows\Installer\6f07d7.msp
c:\windows\Installer\6f07d8.msp
c:\windows\Installer\6f07d9.msp
c:\windows\Installer\6f07da.msp
c:\windows\Installer\6f07db.msp
c:\windows\Installer\6f07dc.msp
c:\windows\Installer\6f07dd.msp
c:\windows\Installer\7c7238.msp
c:\windows\Installer\7c7239.msp
c:\windows\Installer\7c723a.msp
c:\windows\Installer\7c723b.msp
c:\windows\Installer\7c723c.msp
c:\windows\Installer\7c723d.msp
c:\windows\Installer\7c723e.msp
c:\windows\Installer\7c723f.msp
c:\windows\Installer\7c7240.msp
c:\windows\Installer\7ccf89.msi
c:\windows\Installer\7ccf8a.msp
c:\windows\Installer\7ccf8b.msp
c:\windows\Installer\7ccf8c.msp
c:\windows\Installer\7ccf8d.msp
c:\windows\Installer\7ccf8e.msp
c:\windows\Installer\7ccf8f.msp
c:\windows\Installer\7ccf90.msp
c:\windows\Installer\7ccf91.msp
c:\windows\Installer\7ccf92.msp
c:\windows\Installer\81271d.msp
c:\windows\Installer\81271e.msp
c:\windows\Installer\81271f.msp
c:\windows\Installer\812720.msp
c:\windows\Installer\812721.msp
c:\windows\Installer\812722.msp
c:\windows\Installer\812723.msp
c:\windows\Installer\812724.msp
c:\windows\Installer\812725.msp
c:\windows\Installer\83c806.msp
c:\windows\Installer\83c807.msp
c:\windows\Installer\83c808.msp
c:\windows\Installer\83c809.msp
c:\windows\Installer\83c80a.msp
c:\windows\Installer\83c80b.msp
c:\windows\Installer\83c80c.msp
c:\windows\Installer\83c80d.msp
c:\windows\Installer\83c80e.msp
c:\windows\Installer\93ca2b.msp
c:\windows\Installer\93ca2c.msp
c:\windows\Installer\93ca2d.msp
c:\windows\Installer\93ca2e.msp
c:\windows\Installer\93ca2f.msp
c:\windows\Installer\93ca30.msp
c:\windows\Installer\93ca31.msp
c:\windows\Installer\93ca32.msp
c:\windows\Installer\93ca33.msp
c:\windows\Installer\942b95.msp
c:\windows\Installer\942b96.msp
c:\windows\Installer\942b97.msp
c:\windows\Installer\942b98.msp
c:\windows\Installer\942b99.msp
c:\windows\Installer\942b9a.msp
c:\windows\Installer\942b9b.msp
c:\windows\Installer\942b9c.msp
c:\windows\Installer\942b9d.msp
c:\windows\Installer\a4c130.msp
c:\windows\Installer\a4c131.msp
c:\windows\Installer\a4c132.msp
c:\windows\Installer\a4c133.msp
c:\windows\Installer\a4c134.msp
c:\windows\Installer\a4c135.msp
c:\windows\Installer\a4c136.msp
c:\windows\Installer\a4c137.msp
c:\windows\Installer\a4c138.msp
c:\windows\Installer\a576d4.msp
c:\windows\Installer\a576d5.msp
c:\windows\Installer\a576d6.msp
c:\windows\Installer\a576d7.msp
c:\windows\Installer\a576d8.msp
c:\windows\Installer\a576d9.msp
c:\windows\Installer\a576da.msp
c:\windows\Installer\a576db.msp
c:\windows\Installer\a576dc.msp
c:\windows\Installer\a585f7.msp
c:\windows\Installer\a585f8.msp
c:\windows\Installer\a585f9.msp
c:\windows\Installer\a585fa.msp
c:\windows\Installer\a585fb.msp
c:\windows\Installer\a585fc.msp
c:\windows\Installer\a585fd.msp
c:\windows\Installer\a585fe.msp
c:\windows\Installer\a585ff.msp
c:\windows\Installer\a75e22.msp
c:\windows\Installer\a75e23.msp
c:\windows\Installer\a75e24.msp
c:\windows\Installer\a75e25.msp
c:\windows\Installer\a75e26.msp
c:\windows\Installer\a75e27.msp
c:\windows\Installer\a75e28.msp
c:\windows\Installer\a75e29.msp
c:\windows\Installer\a75e2a.msp
c:\windows\Installer\a78060.msp
c:\windows\Installer\a78061.msp
c:\windows\Installer\a78062.msp
c:\windows\Installer\a78063.msp
c:\windows\Installer\a78064.msp
c:\windows\Installer\a78065.msp
c:\windows\Installer\a78066.msp
c:\windows\Installer\a78067.msp
c:\windows\Installer\a78068.msp
c:\windows\Installer\a791a5.msp
c:\windows\Installer\a791a6.msp
c:\windows\Installer\a791a7.msp
c:\windows\Installer\a791a8.msp
c:\windows\Installer\a791a9.msp
c:\windows\Installer\a791aa.msp
c:\windows\Installer\a791ab.msp
c:\windows\Installer\a791ac.msp
c:\windows\Installer\a791ad.msp
c:\windows\Installer\bd330f.msp
c:\windows\Installer\c2a13.msi
c:\windows\Installer\c2a14.msp
c:\windows\Installer\c2a15.msp
c:\windows\Installer\c2a16.msp
c:\windows\Installer\c2a17.msp
c:\windows\Installer\c2a18.msp
c:\windows\Installer\c2a19.msp
c:\windows\Installer\c2a1a.msp
c:\windows\Installer\c2a1b.msp
c:\windows\Installer\c2a1c.msp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 13:15 . 2009-10-14 13:15 -------- d-----w- C:\FOUND.068
2009-10-14 11:16 . 2009-10-14 11:16 -------- d-----w- c:\program files\ERUNT
2009-10-14 06:28 . 2009-10-14 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-13 14:53 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 14:53 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 14:52 . 2009-10-13 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-11 06:11 . 2009-10-11 06:11 -------- d-----w- c:\documents and settings\minemine\Application Data\Ulead Systems
2009-10-11 06:09 . 2009-10-11 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-10-11 06:09 . 2008-04-01 13:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-10-11 06:09 . 2008-04-01 13:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-10-11 06:09 . 2008-04-01 13:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-10-11 06:09 . 2008-04-01 13:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-10-11 06:09 . 2008-04-01 13:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-10-11 06:09 . 2008-04-01 13:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-10-11 06:07 . 2009-10-11 06:08 -------- d-----w- c:\program files\Windows Media Components
2009-10-11 06:06 . 2009-10-11 06:06 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-10-11 06:06 . 2009-10-11 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-10-11 06:03 . 2009-10-11 06:03 -------- d-----w- c:\program files\Corel
2009-10-11 06:02 . 2009-10-11 06:03 -------- d-----w- c:\documents and settings\minemine\Application Data\InstallShield
2009-10-09 06:23 . 2009-10-09 06:23 -------- d-----w- c:\documents and settings\minemine\Application Data\Apple Computer
2009-10-09 06:23 . 2009-10-13 10:51 85984 ----a-w- c:\documents and settings\minemine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 09:23 . 2009-10-08 09:23 -------- d-----w- c:\documents and settings\minemine\Application Data\Teleca
2009-10-08 09:23 . 2009-10-08 09:23 -------- d-----w- c:\documents and settings\minemine\Phone Browser
2009-10-08 09:23 . 2009-10-08 09:23 -------- d-----w- c:\documents and settings\minemine\Application Data\PC Suite
2009-10-08 09:22 . 2009-10-08 09:22 -------- d-----w- c:\documents and settings\minemine\Application Data\Sony Ericsson
2009-10-08 07:21 . 2009-10-08 07:21 -------- d-----w- c:\documents and settings\minemine\Local Settings\Application Data\Google
2009-10-08 07:20 . 2009-10-08 07:21 -------- d-----w- c:\documents and settings\minemine\Local Settings\Application Data\ApplicationHistory
2009-10-08 07:18 . 2009-10-08 07:18 -------- d-----w- c:\documents and settings\minemine\Local Settings\Application Data\PCHealth
2009-10-08 06:15 . 2009-10-08 06:15 -------- d-----w- C:\minemine
2009-10-08 05:51 . 2009-10-08 05:51 -------- d-----w- c:\documents and settings\minemine\Application Data\Search Settings
2009-10-08 05:51 . 2009-10-08 05:51 -------- d-----w- c:\documents and settings\minemine\Application Data\Dealio
2009-10-08 01:00 . 2009-10-02 03:50 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2009-10-08 00:59 . 2009-06-19 11:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-10-08 00:59 . 2009-06-19 11:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-10-08 00:59 . 2009-06-19 11:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-10-08 00:59 . 2009-06-19 11:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-10-08 00:59 . 2009-10-08 00:59 -------- d-----w- c:\program files\Free FLV Converter
2009-10-08 00:59 . 2009-10-08 00:59 -------- d-----w- c:\documents and settings\minemine\Application Data\FreeFLVConverter
2009-10-07 23:58 . 2009-10-07 23:58 -------- d-----w- c:\documents and settings\minemine\Local Settings\Application Data\Apple Computer
2009-10-07 23:41 . 2009-10-07 23:41 -------- d-----w- c:\program files\YouTube Downloader
2009-10-07 23:13 . 2009-10-07 23:13 -------- d-----w- c:\documents and settings\minemine\Local Settings\Application Data\VDT
2009-10-07 21:38 . 2009-10-07 21:38 -------- d-s---w- c:\documents and settings\minemine\UserData
2009-10-06 09:22 . 2003-11-19 06:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-10-06 09:22 . 2004-05-11 02:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-10-06 09:22 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-10-05 23:58 . 2009-10-08 05:55 34816 ----a-w- c:\windows\system32\drivers\.sys
2009-10-04 22:18 . 2009-10-04 22:18 -------- d-----w- c:\windows\BDOSCAN8
2009-10-04 12:43 . 2009-10-04 12:43 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 16:12 . 2009-09-07 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2009-09-07 16:11 . 2009-09-07 16:11 -------- d-----w- c:\program files\Autorun Eater
2009-09-07 15:45 . 2009-09-07 15:45 -------- d-----w- c:\program files\MSBuild
2009-09-07 15:45 . 2009-09-07 15:45 -------- d-----w- c:\program files\Reference Assemblies
2009-09-07 15:15 . 2009-09-07 15:15 -------- d-----w- c:\program files\USB Disk Security
2009-08-05 09:11 . 2004-08-03 17:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 07:23 . 2008-09-06 10:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 18:55 . 2004-08-03 17:07 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\documents and settings\Administrator\Desktop\unused shortcuts\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-11-2 256000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-09-10 38224]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

.
Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-28 16:10]

2009-10-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2006-03-07 14:18]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1592454029-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 06:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.msn.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
WebBrowser-{E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - (no file)
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-Photo Collage Creator_is1 - d:\gob\collage software\gigs]\Photo Collage Creator\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 23:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

- - - - - - - > 'explorer.exe'(1896)
c:\windows\system32\WPDShServiceObj.dll
c:\documents and settings\Administrator\Desktop\unused shortcuts\Nokia PC Suite 6\PhoneBrowser.dll
c:\documents and settings\Administrator\Desktop\unused shortcuts\Nokia PC Suite 6\PCSCM.dll
c:\documents and settings\Administrator\Desktop\unused shortcuts\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\documents and settings\Administrator\Desktop\unused shortcuts\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\slserv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-10-14 23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 15:26

Pre-Run: 3,855,958,016 bytes free
Post-Run: 3,891,609,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

615 --- E O F --- 2009-10-12 01:37
