
Solved start up problem

Discussion in 'Malware and Virus Removal Archive' started by bracklapiper, 2012/02/09.

    #1, 2012/02/09, bracklapiper (Thread Starter)

    [Resolved] start up problem

    Hi, I was wondering if my main computer has a virus or two. When I start up, now and again it will load fine and go for about 10 mins to an hour, then the monitor goes black and it says "monitor going to sleep", flashing on and off constantly.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.08.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Dad & Mum :: STEWART [administrator]

    10/02/2012 13:34:48
    mbam-log-2012-02-10 (13-34-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 407068
    Time elapsed: 8 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-10 15:50:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160023AS rev.3.00
    Running: k8re2ksb.exe; Driver: D:\DOCUME~1\DAD&MU~1\LOCALS~1\Temp\ufrdypob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF61A9380, 0x8D6CD5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe[180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008D0001
    .text C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe[180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe[180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text D:\Documents and Settings\stewart family\Start Menu\Programs\Image Expert\IXApplet.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
    .text D:\Documents and Settings\stewart family\Start Menu\Programs\Image Expert\IXApplet.exe[216] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text D:\Documents and Settings\stewart family\Start Menu\Programs\Image Expert\IXApplet.exe[216] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[220] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D70001
    .text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[220] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[220] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02490001
    .text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[248] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[248] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[280] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E80001
    .text C:\Program Files\Java\jre6\bin\jqs.exe[280] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[280] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\RTHDCPL.EXE[412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A30001
    .text C:\WINDOWS\RTHDCPL.EXE[412] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\RTHDCPL.EXE[412] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01380001
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[432] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[432] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\nvsvc32.exe[488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01730001
    .text C:\WINDOWS\system32\nvsvc32.exe[488] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\nvsvc32.exe[488] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
    .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[516] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[516] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\winlogon.exe[592] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01850001
    .text C:\WINDOWS\system32\winlogon.exe[592] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\winlogon.exe[592] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
    .text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[608] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[608] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\iPod\bin\iPodService.exe[616] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
    .text C:\Program Files\iPod\bin\iPodService.exe[616] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\iPod\bin\iPodService.exe[616] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[628] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A40F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[628] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[676] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[676] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
    .text C:\Program Files\iTunes\iTunesHelper.exe[700] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[700] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01230001
    .text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01250001
    .text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe[892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
    .text C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe[892] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe[892] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[900] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
    .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
    .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03AE0001
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1012] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1012] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 022B0001
    .text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D70001
    .text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
    .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01390001
    .text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\WINDOWS\System32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01B20001
    .text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Microsoft Security Client\msseces.exe[1536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CE0001
    .text C:\Program Files\Microsoft Security Client\msseces.exe[1536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Microsoft Security Client\msseces.exe[1536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\spoolsv.exe[1620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
    .text C:\WINDOWS\system32\spoolsv.exe[1620] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\WINDOWS\system32\spoolsv.exe[1620] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02A70001
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 719F0F5A
    .text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[1732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[1884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016F0001
    .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[1884] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[1884] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017C0001
    .text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01300001
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 719F0F5A
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
    .text C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe[1940] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe[1940] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1952] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1952] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
    .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe[2044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01660001
    .text c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe[2044] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe[2044] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\slserv.exe[2120] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B50001
    .text C:\WINDOWS\system32\slserv.exe[2120] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\system32\slserv.exe[2120] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\svchost.exe[2148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
    .text C:\WINDOWS\system32\svchost.exe[2148] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\system32\svchost.exe[2148] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\System32\svchost.exe[2260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
    .text C:\WINDOWS\System32\svchost.exe[2260] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\System32\svchost.exe[2260] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008C0001
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2296] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2296] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
    .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2352] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[2352] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[2420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
    .text C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[2420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
    .text C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[2420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Apps\Powercinema\PCMService.exe[2488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E20001
    .text C:\Apps\Powercinema\PCMService.exe[2488] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Apps\Powercinema\PCMService.exe[2488] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2532] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
    .text C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2568] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
    .text C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2568] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
    .text C:\WINDOWS\system32\SearchIndexer.exe[2584] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2584] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2584] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2620] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2620] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text c:\APPS\Powercinema\Kernel\TV\CLSched.exe[2752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B50001
    .text c:\APPS\Powercinema\Kernel\TV\CLSched.exe[2752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text c:\APPS\Powercinema\Kernel\TV\CLSched.exe[2752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Logitech\SetPoint\KEM.exe[2764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
    .text C:\Program Files\Logitech\SetPoint\KEM.exe[2764] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Logitech\SetPoint\KEM.exe[2764] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[2780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
    .text C:\WINDOWS\system32\ctfmon.exe[2780] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\system32\ctfmon.exe[2780] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
    .text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2812] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2812] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[3168] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
    .text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[3168] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[3168] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3196] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007F0001
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3196] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3196] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
    .text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A10F5A
    .text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\system32\RunDLL32.exe[3568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001
    .text C:\WINDOWS\system32\RunDLL32.exe[3568] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\system32\RunDLL32.exe[3568] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
    .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\Explorer.EXE[3856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
    .text C:\WINDOWS\Explorer.EXE[3856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\Explorer.EXE[3856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[3868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
    .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[3868] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[3868] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\WINDOWS\notepad.exe[4776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
    .text C:\WINDOWS\notepad.exe[4776] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\WINDOWS\notepad.exe[4776] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4848] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. 2012/02/09
    bracklapiper, Inactive Thread Starter
    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-10 15:51:24
    -----------------------------
    15:51:24.765 OS Version: Windows 5.1.2600 Service Pack 3
    15:51:24.765 Number of processors: 1 586 0x401
    15:51:24.765 ComputerName: STEWART UserName:
    15:51:25.140 Initialize success
    15:51:39.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:51:39.875 Disk 0 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3
    15:51:39.921 Disk 0 MBR read successfully
    15:51:39.921 Disk 0 MBR scan
    15:51:39.921 Disk 0 Windows XP default MBR code
    15:51:39.937 Disk 0 Partition 1 00 1B Hidd FAT32 MSWIN4.1 7993 MB offset 63
    15:51:39.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30710 MB offset 16370235
    15:51:40.015 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 113906 MB offset 79280775
    15:51:40.031 Disk 0 scanning sectors +312560640
    15:51:40.265 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:52:33.546 Service scanning
    15:52:34.109 Service MpKsl5384c4f9 d:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEF4F594-8962-4E6C-92C0-DF8F554E5C69}\MpKsl5384c4f9.sys **LOCKED** 32
    15:52:34.734 Modules scanning
    15:53:36.187 Disk 0 trace - called modules:
    15:53:36.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    15:53:36.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877ce030]
    15:53:36.625 3 CLASSPNP.SYS[f755bfd7] -> nt!IofCallDriver -> \Device\0000009a[0x877cff18]
    15:53:36.625 5 ACPI.sys[f7372620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x877d0d98]
    15:53:36.625 Scan finished successfully
    15:56:23.593 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Dad & Mum\Desktop\MBR.dat "
    15:56:23.593 The log file has been saved successfully to "D:\Documents and Settings\Dad & Mum\Desktop\aswMBR.txt "


    I tried to run DDS; one wouldn't open up at all, the other would open quickly and then disappear. Not sure what to do now.
     

  4. 2012/02/09
    broni, Moderator Malware Analyst (joined 2002/08/01; 21,701 messages; 116 likes received)
    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. 2012/02/10
    bracklapiper, Inactive Thread Starter
    06:08:45.0718 8060 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    06:08:45.0875 8060 ============================================================
    06:08:45.0875 8060 Current date / time: 2012/02/11 06:08:45.0875
    06:08:45.0875 8060 SystemInfo:
    06:08:45.0875 8060
    06:08:45.0875 8060 OS Version: 5.1.2600 ServicePack: 3.0
    06:08:45.0875 8060 Product type: Workstation
    06:08:45.0875 8060 ComputerName: STEWART
    06:08:45.0875 8060 UserName: Dad & Mum
    06:08:45.0875 8060 Windows directory: C:\WINDOWS
    06:08:45.0875 8060 System windows directory: C:\WINDOWS
    06:08:45.0875 8060 Processor architecture: Intel x86
    06:08:45.0875 8060 Number of processors: 1
    06:08:45.0875 8060 Page size: 0x1000
    06:08:45.0875 8060 Boot type: Normal boot
    06:08:45.0875 8060 ============================================================
    06:08:48.0140 8060 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    06:08:48.0140 8060 \Device\Harddisk0\DR0:
    06:08:48.0140 8060 MBR used
    06:08:48.0140 8060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xF9CA3B, BlocksNum 0x3BFB18B
    06:08:48.0140 8060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4B9BA87, BlocksNum 0xDE79179
    06:08:48.0171 8060 Initialize success
    06:08:48.0171 8060 ============================================================
    06:08:52.0046 5864 ============================================================
    06:08:52.0046 5864 Scan started
    06:08:52.0046 5864 Mode: Manual;
    06:08:52.0046 5864 ============================================================
    06:08:58.0671 5864 nv (e9c44fa6803832b80fe18f7bcdd18318) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    06:08:58.0984 5864 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: e9c44fa6803832b80fe18f7bcdd18318, Fake md5: 4b54dcd6adee535df80f07c59ddd8f14
    06:08:59.0062 5864 nv ( ForgedFile.Multi.Generic ) - warning
    06:08:59.0062 5864 nv - detected ForgedFile.Multi.Generic (1)
    06:09:03.0703 5864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    06:09:03.0859 5864 \Device\Harddisk0\DR0 - ok
    06:09:03.0859 5864 Boot (0x1200) (a2e60298c1ba7d2234f9d3a9da059afa) \Device\Harddisk0\DR0\Partition0
    06:09:03.0859 5864 \Device\Harddisk0\DR0\Partition0 - ok
    06:09:03.0875 5864 Boot (0x1200) (b1af62b981977aef574b9b5586311e61) \Device\Harddisk0\DR0\Partition1
    06:09:03.0875 5864 \Device\Harddisk0\DR0\Partition1 - ok
    06:09:03.0875 5864 ============================================================
    06:09:03.0875 5864 Scan finished
    06:09:03.0875 5864 ============================================================
    06:09:03.0906 5532 Detected object count: 1
    06:09:03.0906 5532 Actual detected object count: 1
    06:09:32.0015 5532 nv ( ForgedFile.Multi.Generic ) - skipped by user
    06:09:32.0015 5532 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
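As an added example (not part of the original post, and not code from TDSSKiller's authors), a small Python triage helper for the log format above: it pulls out the "Suspicious file (Forged)" notice with both MD5 values, every verdict line, the reported object count and the user's final action, so a helper can see at a glance which detections were left in place. The log text inside it is a constructed excerpt of the lines posted here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the TDSSKiller log posted above, reduced to the
# line shapes that matter for triage (hash lines, the forged-file notice, verdicts,
# the object count and the user's final action).
SAMPLE_LOG = r"""
06:08:58.0562 5864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:08:58.0562 5864 Null - ok
06:08:58.0671 5864 nv (e9c44fa6803832b80fe18f7bcdd18318) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:08:58.0984 5864 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: e9c44fa6803832b80fe18f7bcdd18318, Fake md5: 4b54dcd6adee535df80f07c59ddd8f14
06:08:59.0062 5864 nv ( ForgedFile.Multi.Generic ) - warning
06:08:59.0062 5864 nv - detected ForgedFile.Multi.Generic (1)
06:08:59.0109 5864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:08:59.0109 5864 NwlnkFlt - ok
06:09:03.0703 5864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
06:09:03.0859 5864 \Device\Harddisk0\DR0 - ok
06:09:03.0906 5532 Detected object count: 1
06:09:32.0015 5532 nv ( ForgedFile.Multi.Generic ) - skipped by user
06:09:32.0015 5532 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

# Every TDSSKiller line is "HH:MM:SS.mmmm <pid> <message>"; the message shapes
# below are the ones that occur in the log above.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Two MD5s means the file's bytes differed depending on how the scanner read
# them; a clean file hashes the same both ways.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
VERDICT_RE = re.compile(r"^(.+?) \( (\S+) \) - (.+)$")  # "- warning", "- skipped by user", ...
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
OK_RE = re.compile(r"^(.+) - ok$")
HASH_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")  # "<name> (<md5>) <path>"


@dataclass
class Triage:
    hashes: dict = field(default_factory=dict)    # name -> (md5, path)
    forged: dict = field(default_factory=dict)    # path -> (real_md5, fake_md5)
    detected: dict = field(default_factory=dict)  # name -> (verdict, count)
    actions: dict = field(default_factory=dict)   # name -> actions in log order
    ok: int = 0
    reported_count: int = -1


def parse_tdsskiller(log: str) -> Triage:
    """Walk the log once and sort each message into the Triage buckets."""
    t = Triage()
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (f := FORGED_RE.match(msg)):
            t.forged[f.group(1)] = (f.group(2), f.group(3))
        elif (d := DETECTED_RE.match(msg)):
            t.detected[d.group(1)] = (d.group(2), int(d.group(3)))
        elif (v := VERDICT_RE.match(msg)):
            t.actions.setdefault(v.group(1), []).append(v.group(3))
        elif (c := COUNT_RE.match(msg)):
            t.reported_count = int(c.group(1))
        elif OK_RE.match(msg):
            t.ok += 1
        elif (h := HASH_RE.match(msg)):
            t.hashes[h.group(1)] = (h.group(2), h.group(3))
    return t


def unresolved(t: Triage) -> list:
    """Detected objects whose last recorded action left them in place (e.g. the
    user chose Skip). Items: (name, verdict, path, real_md5, fake_md5)."""
    out = []
    for name, (verdict, _count) in t.detected.items():
        acts = t.actions.get(name, [])
        last = acts[-1].lower() if acts else ""
        if any(w in last for w in ("cure", "delete", "quarantine")):
            continue
        md5, path = t.hashes.get(name, ("", ""))
        real, fake = t.forged.get(path, (md5, ""))
        out.append((name, verdict, path, real, fake))
    return out


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print(f"{report.ok} objects ok, scanner reported {report.reported_count} detection(s)")
    for name, verdict, path, real, fake in unresolved(report):
        print(f"LEFT IN PLACE: {name} [{verdict}] {path} real={real} fake={fake}")
```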
     
  6. 2012/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2012/02/10
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    ComboFix 12-02-10.01 - Dad & Mum 11/02/2012 15:59:28.11.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.349 [GMT 0:00]
    Running from: d:\documents and settings\Dad & Mum\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\bwUnin-6.1.4.68-8876480L.exe
    c:\windows\bwUnin-7.2.0.157-8876480SL.exe
    c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    c:\windows\system32\Filters
    c:\windows\system32\Filters\AviSplitter.ax
    c:\windows\system32\Filters\ffdshow\ffdshow.ax
    c:\windows\system32\Filters\VSFilter.dll
    d:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-11 14:45 . 2012-01-06 04:19 6557240 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86CDF97A-080E-4724-920C-0999EF722307}\mpengine.dll
    2012-02-09 14:39 . 2012-02-09 14:39 7271 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2012-02-09 14:39 . 2012-02-09 14:39 8782 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2012-01-13 10:09 . 2012-01-13 13:20 -------- d-----w- d:\documents and settings\Dad & Mum\Application Data\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-11-23 23:15 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-06 04:19 . 2011-11-25 15:44 6557240 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-12-10 15:24 . 2010-09-13 07:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57 . 2004-08-10 16:38 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-10 16:38 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-10 16:38 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-10 16:38 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-10 16:38 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
    "PCLEUSBTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-04 198160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
    "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNTkzMzIwMDkzLUQzODFMKzQtRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwQysxLUxJQys3Ny1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzExOTg3LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJEVCsxLVRCKzEtVTEwKzE&prod=55&ver=10.0.1411" [?]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SpybotDeletingE1871"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2011-10-05 2469800]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    d:\documents and settings\Dad & Mum\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    Camio Viewer.lnk - d:\documents and settings\stewart family\Start Menu\Programs\Image Expert\IXApplet.exe [2006-2-12 103936]
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-2-13 962661]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-21 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-10-10 573440]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoPopUpsOnBoot"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\APPS\\skype\\phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/11/2011 16:25 28552]
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [07/01/2012 21:53 38504]
    R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [06/12/2007 21:03 660768]
    R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [23/02/2006 20:23 6112]
    R2 GenPort2;GenPort2;c:\windows\system32\drivers\genport2.sys [23/02/2006 20:23 6112]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [24/11/2011 10:02 2253120]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [07/01/2012 21:53 892336]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [07/01/2012 21:53 955816]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [08/03/2009 16:26 47360]
    R3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [29/12/2005 09:00 408064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [07/01/2012 21:53 130976]
    S2 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [08/01/2009 08:38 4136960]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [10/08/2004 16:38 14336]
    S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [02/11/2007 10:47 83496]
    S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [02/11/2007 10:47 15016]
    S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [02/11/2007 10:47 109992]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 16:38 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 56952431
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPKSL85168CD4
    *Deregistered* - 56952431
    *Deregistered* - aswMBR
    *Deregistered* - MpKsl85168cd4
    *Deregistered* - ufrdypob
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 11:34]
    .
    2012-02-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-01-07 15:46]
    .
    2012-02-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 15:39]
    .
    2012-02-11 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-01-07 15:46]
    .
    2012-02-11 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-01-07 15:46]
    .
    2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{3A74DC20-282D-448A-9390-79E69445EADD}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{55094903-34AB-420C-9B96-58E3342C8920}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{92E3A599-9A1A-48AE-A04E-33D3AA00A019}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = ftp://192.168.0.3:2121/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{141D128E-2A01-40BB-975E-7792B5B83C40}: NameServer = 208.67.220.220,208.67.222.222
    TCP: Interfaces\{91F1BEF2-1BDF-497A-AD58-8E01B4E21FCF}: NameServer = 208.67.220.220,208.67.222.222
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - d:\documents and settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1 "
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
    HKLM-Run-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-Image Expert - d:\documents and settings\stewart family\start menu\programs\Image Expert\Uninst.isu
    AddRemove-VSO DivxToDVD_is1 - d:\documents and settings\stewart family\Start Menu\Programs\Accessories\DivxToDVD\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-11 16:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-02-11 16:12:58
    ComboFix-quarantined-files.txt 2012-02-11 16:12
    .
    Pre-Run: 9,069,039,616 bytes free
    Post-Run: 8,999,911,424 bytes free
    .
    - - End Of File - - A6762C56261AF03A123F20B2F03355B0
     
    8. 2012/02/10
    broni (Moderator, Malware Analyst)
    Looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
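    A first pass over the OTL and ComboFix output requested above can be automated. The script below is an added example for this thread, not part of OTL, ComboFix or anything the posters ran. It parses lines in the shapes quoted in this thread (SRV/DRV entries, O1 hosts entries, IE ProxyEnable/ProxyServer values, TCP NameServer lines, orphaned O2 BHOs) and flags what a malware analyst reads first: a service or driver that is Running while its file is "not found", a running binary with no company name, any hosts entry beyond localhost, a proxy switched on, a resolver outside the set the owner expects, and orphaned BHOs. The "infected" sample lines are constructed (RFC 5737 addresses and example.com) and are not from the poster's machine; the trusted-resolver set is an assumption taken from the router and OpenDNS addresses in the logs above.

```python
"""First-pass triage of OTL / ComboFix style log lines.
Added example for this thread, not part of OTL or ComboFix. Line shapes are
modelled on the logs quoted in the thread; the lines marked "constructed"
use RFC 5737 addresses and example.com and are not from the poster's machine."""
import re
from dataclasses import dataclass

# "SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (Name)"
# or, when the binary is gone: "SRV - File not found [Start | State] -- -- (Name)"
ENTRY_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - '
    r'(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>.*?)\)) '
    r'\[(?P<flags>[^\]]*)\] -- (?P<path>.*?)\s*-- \((?P<name>[^)]*)\)')
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)')
PROXY_RE = re.compile(r'"(?P<key>ProxyEnable|ProxyServer)" = (?P<val>.+)$')
DNS_RE = re.compile(r'NameServer = (?P<servers>[\d.,]+)')
BHO_RE = re.compile(r'^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found')
LOCALHOST_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass
class Finding:
    severity: str   # "high": look at it now; "low": usually leftover cruft, verify later
    line: str
    reason: str


def triage(lines, trusted_dns):
    """Return Findings for the lines worth a human look.
    trusted_dns: resolver IPs the owner expects (router, ISP or a chosen public resolver)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            state = m["flags"].split("|")[-1].strip()
            if m["missing"] and state == "Running":
                # Loaded, but nothing on disk: a hidden/unlinked binary or a transient scanner driver.
                findings.append(Finding("high", line,
                    f'{m["kind"]} {m["name"]} is Running but its file was not found'))
            elif m["missing"]:
                findings.append(Finding("low", line,
                    f'{m["kind"]} {m["name"]} is registered but has no file (stale entry)'))
            elif not m["company"].strip() and state == "Running":
                # No publisher string is where droppers usually sit, but old OEM code looks
                # the same: confirm with a hash lookup before acting on it.
                findings.append(Finding("low", line,
                    f'{m["kind"]} {m["name"]} running from {m["path"]} with no company name'))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if (m["ip"], m["host"]) not in LOCALHOST_OK:
                findings.append(Finding("high", line, f'hosts file maps {m["host"]} to {m["ip"]}'))
            continue
        m = PROXY_RE.search(line)
        if m:
            if m["key"] == "ProxyServer" or m["val"].strip() != "0":
                findings.append(Finding("high", line, "browser traffic is sent through a proxy"))
            continue
        m = DNS_RE.search(line)
        if m:
            rogue = [s for s in m["servers"].split(",") if s and s not in trusted_dns]
            if rogue:
                findings.append(Finding("high", line, "untrusted DNS server(s): " + ", ".join(rogue)))
            continue
        m = BHO_RE.match(line)
        if m:
            findings.append(Finding("low", line, f'orphaned BHO {m["clsid"]} (no CLSID value found)'))
    return findings


SAMPLE_LINES = [
    # same shapes as the OTL and ComboFix logs in this thread
    r"SRV - File not found [Disabled | Stopped] -- -- (HidServ)",
    r"DRV - File not found [Kernel | Unknown | Running] -- -- (MpKslf764cb5d)",
    r"SRV - [2009/01/08 08:38:46 | 004,136,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)",
    r"DRV - [2011/10/05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)",
    r"SRV - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r"TCP: Interfaces\{141D128E-2A01-40BB-975E-7792B5B83C40}: NameServer = 208.67.220.220,208.67.222.222",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    # constructed "infected" lines (RFC 5737 addresses, example.com); not from this thread
    r"O1 - Hosts: 203.0.113.7 www.example.com",
    r'IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=203.0.113.9:8080',
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53,208.67.222.222",
]
# Assumed from the logs above: the router plus the two OpenDNS resolvers
TRUSTED_DNS = {"192.168.0.1", "208.67.220.220", "208.67.222.222"}


def demo():
    return triage(SAMPLE_LINES, TRUSTED_DNS)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.severity:>4}] {f.reason}\n       {f.line}")
```

    A "high" finding is a lead, not a verdict. The Running-but-file-not-found driver in the sample set has the same shape as MpKslf764cb5d in the OTL log below, and the ComboFix log above shows a driver of that family (MpKsl85168cd4) being created and deregistered within a single run, which is what a scanner's transient driver looks like; the hosts, proxy and DNS hits, by contrast, are settings a user rarely changes by accident and are where redirection malware shows up first. Company-name checks are deliberately "low": SDHookDrv32.sys has no publisher string in the log yet sits in the Spybot program folder, so a hash lookup, not the absence of a string, decides.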
    9. 2012/02/10
    bracklapiper (Thread Starter)
    OTL logfile created on: 11/02/2012 16:47:48 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\Dad & Mum\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.48 Mb Total Physical Memory | 212.24 Mb Available Physical Memory | 20.74% Memory free
    2.40 Gb Paging File | 1.58 Gb Available in Paging File | 65.69% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.99 Gb Total Space | 8.44 Gb Free Space | 28.15% Space Free | Partition Type: NTFS
    Drive D: | 111.24 Gb Total Space | 56.24 Gb Free Space | 50.56% Space Free | Partition Type: NTFS

    Computer Name: STEWART | User Name: Dad & Mum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/11 16:44:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Dad & Mum\Desktop\OTL.exe
    PRC - [2011/10/08 04:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/02/25 22:55:48 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
    PRC - [2007/02/21 18:25:49 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2006/01/23 14:42:58 | 000,196,608 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    PRC - [2005/05/11 13:52:04 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    PRC - [2005/05/11 13:52:00 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    PRC - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    PRC - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    PRC - [2005/05/11 13:48:02 | 000,127,118 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
    PRC - [2005/01/24 17:36:52 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    PRC - [2004/07/28 16:39:30 | 000,962,661 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    PRC - [2004/05/14 08:42:32 | 000,573,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
    PRC - [2004/04/26 06:06:12 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
    PRC - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2001/10/30 12:58:24 | 000,103,936 | ---- | M] (Sierra Imaging) -- D:\Documents and Settings\stewart family\Start Menu\Programs\Image Expert\IXApplet.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/02/21 18:16:15 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
    MOD - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    MOD - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    MOD - [2005/05/11 13:49:26 | 000,061,522 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
    MOD - [2005/05/11 13:49:24 | 000,184,408 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
    MOD - [2005/05/11 13:49:24 | 000,028,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
    MOD - [2005/05/11 13:47:40 | 000,229,458 | ---- | M] () -- c:\APPS\Powercinema\Kernel\HomeNetWorking\CLNetMedia.dll
    MOD - [2004/07/28 16:39:30 | 000,962,661 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    MOD - [2004/05/14 08:39:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2003/06/06 09:59:18 | 000,081,920 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\languages\english.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/08 04:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
    SRV - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2009/01/08 08:38:46 | 004,136,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
    SRV - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
    SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
    SRV - [2005/05/11 13:52:00 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
    SRV - [2005/05/11 13:50:34 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2005/05/11 13:50:14 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2005/01/26 14:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2005/01/26 14:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2005/01/26 14:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2005/01/24 17:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
    SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2003/07/02 17:40:08 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Unknown | Running] -- -- (MpKslf764cb5d)
    DRV - [2011/10/05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2007/11/02 10:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdm.sys -- (s916mdm)
    DRV - [2007/11/02 10:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM)
    DRV - [2007/11/02 10:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdfl.sys -- (s916mdfl)
    DRV - [2007/04/10 13:04:37 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
    DRV - [2006/12/26 12:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
    DRV - [2006/09/05 20:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
    DRV - [2006/09/05 20:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
    DRV - [2006/09/05 20:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
    DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
    DRV - [2006/09/05 20:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
    DRV - [2006/09/05 20:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
    DRV - [2005/12/29 09:00:38 | 000,408,064 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USRWGU.sys -- (USRWGU(USR)) USRobotics Wireless USB Adapter(USR)
    DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
    DRV - [2005/12/21 09:14:52 | 000,019,712 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
    DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
    DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
    DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/06/02 17:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2005/02/23 16:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
    DRV - [2005/02/11 10:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
    DRV - [2005/02/11 10:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
    DRV - [2005/02/11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
    DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
    DRV - [2004/04/26 06:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2004/04/26 06:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2004/03/02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
    DRV - [2004/03/02 09:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
    DRV - [2003/12/31 11:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
    DRV - [2003/08/20 17:34:50 | 000,548,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
    DRV - [2003/07/16 12:30:26 | 000,221,736 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
    DRV - [2003/07/02 16:26:36 | 001,301,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
    DRV - [2003/07/02 16:24:36 | 000,086,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
    DRV - [2003/07/02 16:12:52 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
    DRV - [2003/07/02 15:57:10 | 000,167,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [1999/09/10 11:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32)
    DRV - [1998/12/23 20:23:34 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport2.sys -- (GenPort2)
    DRV - [1998/12/23 19:20:34 | 000,006,112 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport.sys -- (GenPort)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\PE_D_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\PE_D_DEFAULT USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\PE_D_LOCALSERVICE.NT AUTHORITY\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\PE_D_NETWORKSERVICE.NT AUTHORITY\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 32 93 2F D9 E8 CC 01 [binary data]
    IE - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-2400097430-212917666-1869797743-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/04 10:41:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/17 21:56:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 21:56:45 | 000,000,000 | ---D | M]

    [2010/09/30 09:55:26 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Extensions
    [2010/10/24 21:56:11 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\extensions
    [2010/09/30 09:55:31 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/24 21:56:11 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\extensions\ChoiceGuard@Microsoft
    [2010/09/30 09:55:31 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\extensions\staged-xpis
    [2011/11/15 16:44:14 | 000,003,674 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\searchplugins\avg-secure-search.xml
    [2010/10/14 10:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/14 10:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
    [2010/10/14 10:58:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/14 10:58:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/02/11 16:08:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [SpybotDeletingE1871] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
    O4 - HKU\PE_D_ADMINISTRATOR..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk = D:\Documents and Settings\stewart family\Start Menu\Programs\Image Expert\IXApplet.exe (Sierra Imaging)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\PE_D_ADMINISTRATOR\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\PE_D_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\PE_D_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\PE_D_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\PE_D_ALL USERS\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\PE_D_DEFAULT USER\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\PE_D_DEFAULT USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\PE_D_LOCALSERVICE.NT AUTHORITY\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\PE_D_LOCALSERVICE.NT AUTHORITY\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\PE_D_NETWORKSERVICE.NT AUTHORITY\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\PE_D_NETWORKSERVICE.NT AUTHORITY\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2400097430-212917666-1869797743-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2400097430-212917666-1869797743-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2400097430-212917666-1869797743-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141D128E-2A01-40BB-975E-7792B5B83C40}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F1BEF2-1BDF-497A-AD58-8E01B4E21FCF}: DhcpNameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F1BEF2-1BDF-497A-AD58-8E01B4E21FCF}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9ED8CB6-573B-4710-8CFC-2350F9912B33}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\ImageX.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\ImageX.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Windows Media Player\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - xvidvfw.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  10. 2012/02/10
    bracklapiper (Inactive Thread Starter)
    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/11 16:43:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Dad & Mum\Desktop\OTL.exe
    [2012/02/11 15:54:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/11 15:54:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/11 15:54:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/11 15:54:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/11 15:54:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/11 15:47:05 | 004,398,855 | R--- | C] (Swearware) -- D:\Documents and Settings\Dad & Mum\Desktop\ComboFix.exe
    [2012/02/11 06:08:15 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- D:\Documents and Settings\Dad & Mum\Desktop\tdsskiller.exe
    [2012/02/10 15:57:38 | 000,607,017 | R--- | C] (Swearware) -- D:\Documents and Settings\Dad & Mum\Desktop\dds.pif
    [2012/02/10 13:57:07 | 004,733,440 | ---- | C] (AVAST Software) -- D:\Documents and Settings\Dad & Mum\Desktop\aswMBR.exe
    [2012/01/13 10:09:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad & Mum\Application Data\ElevatedDiagnostics
    [2005/11/03 15:33:11 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
    [1980/01/01 00:00:00 | 001,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [1980/01/01 00:00:00 | 000,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [1980/01/01 00:00:00 | 000,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [1980/01/01 00:00:00 | 000,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
    [1980/01/01 00:00:00 | 000,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [1980/01/01 00:00:00 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/11 16:53:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3A74DC20-282D-448A-9390-79E69445EADD}.job
    [2012/02/11 16:51:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55094903-34AB-420C-9B96-58E3342C8920}.job
    [2012/02/11 16:44:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Dad & Mum\Desktop\OTL.exe
    [2012/02/11 16:08:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/11 15:52:03 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2012/02/11 15:50:30 | 000,000,314 | -HS- | M] () -- C:\BOOT.INI
    [2012/02/11 15:49:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2012/02/11 15:49:49 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2012/02/11 15:47:18 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92E3A599-9A1A-48AE-A04E-33D3AA00A019}.job
    [2012/02/11 15:47:16 | 004,398,855 | R--- | M] (Swearware) -- D:\Documents and Settings\Dad & Mum\Desktop\ComboFix.exe
    [2012/02/11 13:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/02/11 06:08:29 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- D:\Documents and Settings\Dad & Mum\Desktop\tdsskiller.exe
    [2012/02/10 15:57:49 | 000,607,017 | R--- | M] (Swearware) -- D:\Documents and Settings\Dad & Mum\Desktop\dds.pif
    [2012/02/10 15:56:23 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Desktop\MBR.dat
    [2012/02/10 13:57:17 | 004,733,440 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Dad & Mum\Desktop\aswMBR.exe
    [2012/02/10 13:55:37 | 000,302,592 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Desktop\k8re2ksb.exe
    [2012/02/10 12:38:02 | 000,000,305 | ---- | M] () -- C:\WINDOWS\WININIT.INI
    [2012/02/09 21:53:17 | 000,000,669 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/09 15:23:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/09 14:44:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/02/09 14:39:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/09 14:39:25 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/29 01:15:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/01/29 01:15:09 | 000,141,824 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/13 01:50:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/13 01:23:11 | 000,526,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/13 01:23:11 | 000,096,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/11 15:54:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/11 15:54:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/11 15:54:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/11 15:54:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/11 15:54:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/10 15:56:23 | 000,000,512 | ---- | C] () -- D:\Documents and Settings\Dad & Mum\Desktop\MBR.dat
    [2012/02/10 13:55:19 | 000,302,592 | ---- | C] () -- D:\Documents and Settings\Dad & Mum\Desktop\k8re2ksb.exe
    [2012/01/12 23:33:35 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/05/21 06:01:00 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2010/11/11 07:56:29 | 000,000,671 | ---- | C] () -- D:\Documents and Settings\Dad & Mum\Application Data\vso_ts_preview.xml
    [2010/09/21 13:26:35 | 000,141,824 | ---- | C] () -- D:\Documents and Settings\Dad & Mum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/18 16:06:10 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/09/18 16:06:07 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/09/18 16:06:07 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/08/26 20:38:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/11/12 15:21:34 | 000,000,298 | ---- | C] () -- C:\WINDOWS\ULead32.ini
    [2009/10/13 20:31:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2009/10/05 14:17:00 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
    [2009/10/05 13:29:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/10/02 15:04:05 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2009/10/02 15:04:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2009/10/02 15:04:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2009/10/02 15:04:05 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2009/10/02 15:04:05 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2009/10/02 15:04:05 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2009/10/02 15:04:05 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2009/10/02 15:04:05 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2009/10/02 15:04:05 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2009/10/02 15:04:05 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2009/10/02 15:04:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2009/10/02 15:04:05 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2009/10/02 15:04:05 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2009/10/02 15:04:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2009/10/02 15:04:05 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2009/10/02 15:04:05 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2009/10/02 15:04:05 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2009/10/02 15:04:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2009/08/26 23:10:10 | 000,101,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/09 13:26:47 | 000,000,530 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2009/02/24 16:14:05 | 000,052,863 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2008/08/16 02:04:32 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/12/15 10:17:44 | 000,001,783 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/10/09 13:37:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/08/24 16:07:29 | 000,000,166 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/06/01 17:37:38 | 000,002,432 | ---- | C] () -- C:\WINDOWS\wds.dat
    [2007/06/01 17:37:38 | 000,001,680 | ---- | C] () -- C:\WINDOWS\rmt.dat
    [2007/04/03 18:42:30 | 000,003,552 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2007/04/03 18:30:39 | 001,057,144 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2006/06/07 13:41:02 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
    [2006/06/07 13:39:47 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
    [2006/06/07 13:39:47 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
    [2006/06/07 13:39:47 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
    [2006/06/07 13:39:47 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
    [2006/06/07 13:39:47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
    [2006/05/22 16:42:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
    [2006/05/16 15:59:30 | 000,000,057 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2006/04/06 19:25:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
    [2006/04/06 19:23:35 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
    [2006/04/06 19:23:35 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
    [2006/04/06 19:23:34 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
    [2006/03/27 16:18:53 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2006/03/27 16:18:53 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2006/03/25 19:21:01 | 000,000,305 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/03/25 13:54:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2006/02/23 20:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2006/02/23 20:23:52 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\genport2.sys
    [2006/02/23 20:23:52 | 000,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\genport.sys
    [2006/02/17 19:48:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/02/13 17:07:15 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
    [2006/02/13 17:07:14 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
    [2006/02/13 17:07:07 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
    [2006/02/13 17:07:06 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\ipdetect.exe
    [2006/02/13 17:07:03 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
    [2006/02/13 17:07:03 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
    [2006/02/13 17:06:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\autoclk.exe
    [2006/02/13 17:06:59 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin
    [2006/02/09 00:17:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
    [2006/02/07 11:03:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/06 12:58:20 | 000,000,522 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2005/11/03 16:09:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/03 15:58:02 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
    [2005/11/03 15:54:30 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
    [2005/11/03 15:48:50 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
    [2005/11/03 15:47:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/11/03 15:39:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2005/11/03 15:33:11 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
    [2005/11/03 15:33:11 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
    [2005/11/03 15:33:11 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
    [2005/11/03 15:33:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2005/11/03 15:33:11 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
    [2005/11/03 15:33:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
    [2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2005/05/20 14:05:02 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/21 09:36:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AnimWnd.dll
    [2004/08/10 17:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 17:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 16:55:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 16:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 16:46:35 | 000,429,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 16:38:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 16:38:09 | 000,526,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 16:38:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 16:38:09 | 000,096,284 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 16:38:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 16:38:08 | 000,004,541 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 16:38:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 16:38:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 16:37:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 16:37:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 16:37:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 16:37:40 | 000,640,000 | ---- | C] () -- C:\WINDOWS\System32\dbghelp.dll.old
    [2004/08/10 16:37:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/06/23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/05/10 02:02:12 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\MstartSound.dll
    [2004/05/10 02:02:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\MstartScreen.dll
    [2004/05/10 02:02:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\MshutSound.dll
    [2004/05/10 02:02:10 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\MshutScreen.dll
    [2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/06/17 10:25:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LIBPNG13.DLL
    [2003/06/17 10:25:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
    [2003/05/20 01:40:06 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\IrrShape.dll
    [2003/03/14 11:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2000/04/12 08:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [1997/09/30 14:30:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [1980/01/01 00:00:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [1980/01/01 00:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [1980/01/01 00:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
    [1980/01/01 00:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
    [1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe

    ========== LOP Check ==========

    [2010/09/12 20:05:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2010/09/12 20:03:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Windows Search
    [2009/08/16 08:54:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\3DVIA
    [2011/11/15 16:52:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/13 09:14:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9
    [2007/05/04 14:02:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\bowsbirdbibbind
    [2009/02/25 23:19:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/10/13 09:25:48 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
    [2011/11/24 09:40:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Driver Boost
    [2009/02/26 13:48:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DriverCure
    [2007/09/09 09:54:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2010/04/16 16:40:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\EPSON
    [2011/11/15 16:51:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
    [2009/02/26 20:37:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2
    [2006/06/07 13:38:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Pinnacle
    [2007/09/01 19:48:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SlySoft
    [2009/10/05 13:34:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\UDL
    [2005/11/03 15:56:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/04/07 13:47:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 08:33:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/03 08:43:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/07/29 09:17:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\AnvSoft
    [2011/08/11 23:20:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\calibre
    [2011/08/12 09:07:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\eBookConverter
    [2012/01/13 13:20:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\ElevatedDiagnostics
    [2010/09/21 19:18:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Epson
    [2011/07/29 13:42:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Research In Motion
    [2011/08/12 09:12:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Thinstall
    [2010/10/06 17:14:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Ulead Systems
    [2005/01/01 15:46:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Vso
    [2010/09/20 18:11:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Windows Desktop Search
    [2010/10/29 10:24:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad & Mum\Application Data\Windows Search
    [2009/06/12 07:37:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
    [2012/02/11 15:49:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    [2012/02/09 14:44:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/02/11 15:49:49 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2012/02/11 15:52:03 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    [2012/02/11 16:53:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3A74DC20-282D-448A-9390-79E69445EADD}.job
    [2012/02/11 16:51:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55094903-34AB-420C-9B96-58E3342C8920}.job
    [2012/02/11 15:47:18 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{92E3A599-9A1A-48AE-A04E-33D3AA00A019}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/11/03 15:43:52 | 000,000,210 | -HS- | M] () -- C:\BOOT.BAK
    [2012/02/11 15:50:30 | 000,000,314 | -HS- | M] () -- C:\BOOT.INI
    [2004/08/04 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/02/11 16:12:59 | 000,015,926 | ---- | M] () -- C:\ComboFix.txt
    [2005/11/03 16:28:00 | 000,005,980 | ---- | M] () -- C:\DWNLOG.TXT
    [2012/02/09 14:39:25 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
    [2005/11/03 15:46:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/11/03 15:48:29 | 000,000,886 | -H-- | M] () -- C:\IPH.PH
    [2005/11/03 15:46:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 14:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
    [2008/09/22 13:33:22 | 000,250,048 | ---- | M] () -- C:\NTLDR
    [2012/02/09 14:39:22 | 1609,801,728 | -HS- | M] () -- C:\pagefile.sys
    [2006/03/30 14:46:26 | 000,000,000 | ---- | M] () -- C:\report.txt
    [2010/09/08 09:04:16 | 000,000,387 | ---- | M] () -- C:\rkill.log
    [2005/11/02 22:08:58 | 000,001,133 | ---- | M] () -- C:\SAUDIT.TXT
    [2006/02/13 17:07:15 | 000,000,184 | ---- | M] () -- C:\setuplog.exe
    [2006/12/07 19:15:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/05/16 19:43:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/08/07 13:09:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/02/23 20:42:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/02/23 20:43:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/08/26 15:29:03 | 000,000,304 | -H-- | M] () -- C:\sqmdata05.sqm
    [2006/12/07 19:15:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/05/16 19:43:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/08/07 13:09:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/02/23 20:42:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/02/23 20:43:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/08/26 15:29:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2012/02/11 06:10:20 | 000,072,174 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_11.02.2012_06.08.45_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 16:58:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 10:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [1999/03/09 19:03:00 | 000,086,016 | ---- | M] () -- C:\WINDOWS\UPSCR.Scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/08/17 16:39:23 | 000,001,754 | -H-- | M] () -- D:\Documents and Settings\Dad & Mum\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2007/06/17 13:51:46 | 000,004,212 | ---- | M] () -- C:\Program Files\ReadMe.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 16:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 16:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 16:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/22 13:40:25 | 000,000,272 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/20 18:11:03 | 000,000,119 | -HS- | M] () -- D:\Documents and Settings\Dad & Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 00:04:54 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/10 13:57:17 | 004,733,440 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Dad & Mum\Desktop\aswMBR.exe
    [2012/02/11 15:47:16 | 004,398,855 | R--- | M] (Swearware) -- D:\Documents and Settings\Dad & Mum\Desktop\ComboFix.exe
    [2012/02/10 13:55:37 | 000,302,592 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Desktop\k8re2ksb.exe
    [2012/02/11 16:44:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Dad & Mum\Desktop\OTL.exe
    [2010/09/16 09:40:09 | 000,755,552 | ---- | M] (Secunia) -- D:\Documents and Settings\Dad & Mum\Desktop\PSISetup.exe
    [2012/02/11 06:08:29 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- D:\Documents and Settings\Dad & Mum\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/11/16 12:56:28 | 068,771,184 | ---- | M] (Apple Inc.) -- D:\Documents and Settings\Dad & Mum\My Documents\iTunesSetup.exe
    [2011/10/12 22:13:07 | 008,068,864 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\Dad & Mum\My Documents\mseinstall.exe
    [2012/01/07 21:14:29 | 047,360,456 | ---- | M] (Safer-Networking Ltd. ) -- D:\Documents and Settings\Dad & Mum\My Documents\spybotsd-2.0.6-beta4.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/20 18:11:03 | 000,000,122 | -HS- | M] () -- D:\Documents and Settings\Dad & Mum\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/02/11 16:43:46 | 000,131,072 | -HS- | M] () -- D:\Documents and Settings\Dad & Mum\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/09/10 11:06:00 | 000,004,672 | R--- | M] (Adaptec) -- C:\WINDOWS\system\Wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
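The file-list lines in the OTL report above share one fixed layout: `[timestamp | size | attribute flags | C or M] (company) -- path`. The following is an added example, not part of the poster's log or of OldTimer's OTL, that parses those lines into records and pulls out executable-type files with no company string, which is the usual first triage pass on such a report. The sample input is a handful of lines copied verbatim from the log above; the class and function names are this example's own. Note the deliberate false positives the filter returns: `k8re2ksb.exe` is the renamed GMER binary (see the GMER header earlier in the thread) and `hiberfil.sys` is the hibernation file, so the output is a queue for hash lookup, not a list of infections.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Added example (not part of the OTL log or the OTL tool): a parser for the
# file-list lines OTL emits, e.g.
#   [2012/02/11 15:47:16 | 004,398,855 | R--- | M] (Swearware) -- D:\...\ComboFix.exe
#   [2007/05/04 14:02:51 | 000,000,000 | ---D | M] -- D:\...\bowsbirdbibbind
# Fields: timestamp | size with thousands separators | attribute flags in the
# fixed order R H S D | C (created) or M (modified) | optional "(company)" from
# the file's version resource | path.
OTL_LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)\s*$"
)

EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str                 # "C" = creation time shown, "M" = modification time
    company: Optional[str]    # None when OTL printed "()" or no company at all
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for headers, blanks, etc."""
    m = OTL_LINE.match(line)
    if m is None:
        return None
    attrs = m.group("attrs")
    company = (m.group("company") or "").strip() or None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),   # "1073,270,784" -> 1073270784
        readonly="R" in attrs,
        hidden="H" in attrs,
        system="S" in attrs,
        directory="D" in attrs,
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse every file-list line in a report; non-matching lines are skipped."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def unsigned_executables(entries: List[OtlEntry]) -> List[str]:
    """Paths of executable-type files that carry no company string.

    An empty company field only means the file has no version resource naming
    a vendor. Renamed scanner binaries (k8re2ksb.exe is GMER here) and Windows'
    own hiberfil.sys land in this list too, so treat it as a hash-lookup queue,
    not as a verdict.
    """
    return [
        e.path for e in entries
        if not e.directory
        and e.company is None
        and e.path.lower().endswith(EXECUTABLE_EXTS)
    ]


# Lines copied from the log above (not constructed), used as the demo input.
SAMPLE_LOG = """
    ========== LOP Check ==========

    [2007/05/04 14:02:51 | 000,000,000 | ---D | M] -- D:\\Documents and Settings\\All Users\\Application Data\\bowsbirdbibbind
    [2005/11/03 15:43:52 | 000,000,210 | -HS- | M] () -- C:\\BOOT.BAK
    [2012/02/09 14:39:25 | 1073,270,784 | -HS- | M] () -- C:\\hiberfil.sys
    [2012/02/11 15:47:16 | 004,398,855 | R--- | M] (Swearware) -- D:\\Documents and Settings\\Dad & Mum\\Desktop\\ComboFix.exe
    [2012/02/10 13:55:37 | 000,302,592 | ---- | M] () -- D:\\Documents and Settings\\Dad & Mum\\Desktop\\k8re2ksb.exe
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\inf\\unregmp2.exe
    < End of report >
"""

if __name__ == "__main__":
    entries = parse_otl_log(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for p in unsigned_executables(entries):
        print("no company string:", p)
```

Feed the whole OTL.txt to `parse_otl_log` and the helper will walk past section headers and the `< ... >` custom-scan markers; only entries with the bracketed prefix are kept. The attribute flags are positional (R, H, S, D), so `-HS-` on `C:\BOOT.BAK` and `C:\hiberfil.sys` means hidden plus system, which is normal for those two files.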
     
  11. 2012/02/10
    bracklapiper (Inactive Thread Starter)

    OTL Extras logfile created on: 11/02/2012 16:47:48 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\Dad & Mum\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.48 Mb Total Physical Memory | 212.24 Mb Available Physical Memory | 20.74% Memory free
    2.40 Gb Paging File | 1.58 Gb Available in Paging File | 65.69% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.99 Gb Total Space | 8.44 Gb Free Space | 28.15% Space Free | Partition Type: NTFS
    Drive D: | 111.24 Gb Total Space | 56.24 Gb Free Space | 50.56% Space Free | Partition Type: NTFS

    Computer Name: STEWART | User Name: Dad & Mum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- Reg Error: Key error.
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
    "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pANDORA
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
    "C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- ()
    "C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- ()
    "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1011BB75-9FBD-4743-B239-AB0E3166BA02}" = Focus 165,000 Images
    "{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}" = Dogz 5
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.1.135
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9061D8EC-67C5-4FD1-90D6-F6F5BE012707}" = USRobotics Wireless USB Adapter
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = Tiscali Music Downloads
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3DGroove" = 3D Groove Playback Engine
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "AGeMusicBookViewer" = Ceol Mor eMusic Book (A Gilles Vol 1)
    "Any Video Converter_is1" = Any Video Converter 3.2.5
    "Bagpipe Player" = Bagpipe Player
    "CardRecovery" = CardRecovery
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
    "Create Your Own Greeting Cards" = Create Your Own Greeting Cards
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON PX700W Series" = EPSON PX700W Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW User’s Guide" = EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manual
    "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
    "FileHippo.com" = FileHippo.com Update Checker
    "GraphicView 32" = GraphicView 32
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1011BB75-9FBD-4743-B239-AB0E3166BA02}" = Focus 165,000 Images
    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
    "InstallShield_{9061D8EC-67C5-4FD1-90D6-F6F5BE012707}" = USRobotics Wireless USB Adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
    "PiobMaster" = PiobMaster
    "RealPlayer 6.0" = RealPlayer
    "Ulead COOL 360 1.0" = Ulead COOL 360 1.0
    "VideoEgg" = VideoEgg Publisher
    "Virtools3DLifePlayer" = Virtools 3D Life Player
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14/01/2005 18:06:31 | Computer Name = STEWART | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 14/01/2005 18:06:31 | Computer Name = STEWART | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 14/01/2005 18:06:32 | Computer Name = STEWART | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 17/12/2011 22:05:27 | Computer Name = STEWART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
    P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 19/12/2011 15:41:16 | Computer Name = STEWART | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
    3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/01/2012 17:37:52 | Computer Name = STEWART | Source = Application Error | ID = 1000
    Description = Faulting application CLMLService.exe, version 1.1.0.1619, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

    Error - 13/01/2012 05:08:00 | Computer Name = STEWART | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 13/01/2012 06:09:10 | Computer Name = STEWART | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 09/02/2012 10:28:32 | Computer Name = STEWART | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 09/02/2012 10:28:32 | Computer Name = STEWART | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 09/02/2012 10:28:57 | Computer Name = STEWART | Source = W32Time | ID = 39452706
    Description = The time service has detected that the system time needs to be changed
    by -86392 seconds. The time service will not change the system time by more than
    -54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.windows.com (ntp.m|0x1|192.168.0.11:123->65.55.21.24:123) is working
    properly.

    Error - 09/02/2012 10:39:55 | Computer Name = STEWART | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%1058

    Error - 09/02/2012 10:40:10 | Computer Name = STEWART | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    eeCtrl

    Error - 09/02/2012 10:41:34 | Computer Name = STEWART | Source = W32Time | ID = 39452706
    Description = The time service has detected that the system time needs to be changed
    by -86392 seconds. The time service will not change the system time by more than
    -54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.windows.com (ntp.m|0x1|192.168.0.11:123->65.55.21.24:123) is working
    properly.

    Error - 10/02/2012 09:59:47 | Computer Name = STEWART | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/02/2012 11:51:51 | Computer Name = STEWART | Source = Service Control Manager | ID = 7034
    Description = The Spybot S&D 2 Live Protection Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/02/2012 11:58:40 | Computer Name = STEWART | Source = Service Control Manager | ID = 7034
    Description = The SAMSUNG WiselinkPro Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/02/2012 11:59:57 | Computer Name = STEWART | Source = Service Control Manager | ID = 7016
    Description = The SmartLinkService service has reported an invalid current state
    0.


    < End of report >
     
  12. 2012/02/10
    broni Moderator Malware Analyst
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | Unknown | Running] -- -- (MpKslf764cb5d)
      DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      [2011/11/15 16:44:14 | 000,003,674 | ---- | M] () -- D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\searchplugins\avg-secure-search.xml
      File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
      O4 - HKU\PE_D_ADMINISTRATOR..\RunOnce: [spchecker] C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe ()
      [2011/11/15 16:52:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG10
      [2010/10/13 09:14:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9
      [2009/06/12 07:37:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  13. 2012/02/10
    bracklapiper Inactive Thread Starter
    All processes killed
    ========== OTL ==========
    Error: Unable to stop service MpKslf764cb5d!
    Service\Driver key MpKslf764cb5d not found.
    Error: Unable to stop service pavboot!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
    C:\WINDOWS\system32\drivers\pavboot.sys moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    D:\Documents and Settings\Dad & Mum\Application Data\Mozilla\Firefox\Profiles\ic92npxs.default\searchplugins\avg-secure-search.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
    C:\WINDOWS\system32\cmd.exe moved successfully.
    Registry value HKEY_USERS\PE_D_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\RunOnce\\spchecker deleted successfully.
    C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe moved successfully.
    D:\Documents and Settings\All Users\Application Data\AVG10\Dumps folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
    D:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    D:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: amie

    User: Dad & Mum
    ->Temp folder emptied: 101793 bytes
    ->Temporary Internet Files folder emptied: 16247262 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 977 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY.001
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY.003
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY.001
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY.003
    ->Temp folder emptied: 3928 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Owner

    User: stewart family

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2606 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 16.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: amie

    User: Dad & Mum
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: LocalService.NT AUTHORITY.000

    User: LocalService.NT AUTHORITY.001

    User: LocalService.NT AUTHORITY.002

    User: LocalService.NT AUTHORITY.003

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: NetworkService.NT AUTHORITY.000

    User: NetworkService.NT AUTHORITY.001

    User: NetworkService.NT AUTHORITY.002

    User: NetworkService.NT AUTHORITY.003

    User: Owner

    User: stewart family

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: amie

    User: Dad & Mum
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: LocalService.NT AUTHORITY.000

    User: LocalService.NT AUTHORITY.001

    User: LocalService.NT AUTHORITY.002

    User: LocalService.NT AUTHORITY.003

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: NetworkService.NT AUTHORITY.000

    User: NetworkService.NT AUTHORITY.001

    User: NetworkService.NT AUTHORITY.002

    User: NetworkService.NT AUTHORITY.003

    User: Owner

    User: stewart family

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02112012_190642

    Files\Folders moved on Reboot...
    File\Folder D:\Documents and Settings\Dad & Mum\Local Settings\Temp\~DF97BE.tmp not found!
    File\Folder D:\Documents and Settings\Dad & Mum\Local Settings\Temp\~DF980E.tmp not found!
    File\Folder D:\Documents and Settings\Dad & Mum\Local Settings\Temp\~DF99AA.tmp not found!
    File\Folder D:\Documents and Settings\Dad & Mum\Local Settings\Temp\~DF99B9.tmp not found!
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\Content.IE5\VOJGAN1M\854F4951FCBF6C450892031DA153B1[1].ico moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\Content.IE5\U3ISYG8T\favicon[1].ico moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\Content.IE5\U3ISYG8T\favicon[2].ico moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\Content.IE5\9GBHK2FF\fastbutton[1].htm moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\Content.IE5\9GBHK2FF\like[1].htm moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\Content.IE5\77X20XPF\101815-active-start-up-problem[1].html moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    D:\Documents and Settings\Dad & Mum\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    D:\Documents and Settings\NetworkService.NT AUTHORITY.003\Local Settings\Temp\MpCmdRun.log moved successfully.
    File move failed. C:\WINDOWS\SAE6629A6.tmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  14. 2012/02/10
    bracklapiper Inactive Thread Starter
    The security checkup found nothing, and here is the FSS report.

    Farbar Service Scanner Version: 10-02-2012
    Ran by Dad & Mum (administrator) on 11-02-2012 at 19:52:07
    Running from "D:\Documents and Settings\Dad & Mum\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000056000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  15. 2012/02/10
    broni Moderator Malware Analyst
    What do you mean?
    It produces a log.
     
  16. 2012/02/10
    bracklapiper Inactive Thread Starter
    The text log checkup was blank; nothing in the log.
    Do I run it with the Microsoft security on or off, as I ran it with it on?
    Thank you for the help on this so far.
     
  17. 2012/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It doesn't matter.
    Maybe a bad download.
    Delete your file and download a fresh one.
     
  18. 2012/02/10
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    The ESET scan found no problems. When I ran the security check it said the path could not be found. Then all the checks were "file not found".
    Thank you for the help.
     
  19. 2012/02/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  20. 2012/02/11
    bracklapiper

    bracklapiper Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    149
    Likes Received:
    1
    I just retried the security check and it has done the same, saying the specified path cannot be found and file not found.
     
  21. 2012/02/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
