
Solved trojan dropper gen infection

Discussion in 'Malware and Virus Removal Archive' started by bchirpy, 2010/04/04.

  1. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    [Resolved] trojan dropper gen infection

    Hi there, I seem to have had or might still have a trojan dropper gen virus - AVG seems to have let it through - it disabled my firewall, antivirus etc. but I managed to run SUPERAntiSpyware and it found lots of it and removed it - but I'm left with everything in a mess :confused: My programs now don't seem to work, as I get asked to choose which programs need to run them. Not sure antivirus or firewall are working :( I have saved the requested DDS files to my desktop and wondered if someone could help me fix it? Many thanks in advance if you can :)
     
  2. 2010/04/04
    crunchie

    crunchie Inactive

    Hi,

    please post the DDS logs.

    Also, Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    ===========

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


  4. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/11/2005 01:04:33
    System Uptime: 04/04/2010 07:42:56 (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-8S661GXMP
    Processor: Intel(R) Celeron(R) CPU 2.93GHz | Socket 478 | 2934/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 147 GiB total, 26.831 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1151: 05/01/2010 16:17:10 - Avg8 Update
    RP1152: 05/01/2010 19:40:36 - Installed InstallShield Restore Point
    RP1153: 05/01/2010 19:41:41 - Installed EpsonNet Setup
    RP1154: 05/01/2010 19:43:09 - Installed EpsonNet Print
    RP1155: 05/01/2010 19:43:29 - Installed ABBYY FineReader 6.0 Sprint
    RP1156: 05/01/2010 19:44:41 - Installed Epson Event Manager
    RP1157: 05/01/2010 19:45:34 - Installed EPSON Scan Assistant
    RP1158: 05/01/2010 19:46:21 - Installed Attach To Email
    RP1159: 05/01/2010 19:46:46 - Installed EPSON Web-To-Page
    RP1160: 06/01/2010 20:31:26 - System Checkpoint
    RP1161: 08/01/2010 08:31:20 - System Checkpoint
    RP1162: 10/01/2010 08:49:31 - System Checkpoint
    RP1163: 12/01/2010 08:41:38 - System Checkpoint
    RP1164: 13/01/2010 16:50:39 - System Checkpoint
    RP1165: 14/01/2010 13:08:22 - Software Distribution Service 3.0
    RP1166: 18/01/2010 11:55:38 - Avg8 Update
    RP1167: 19/01/2010 18:37:39 - System Checkpoint
    RP1168: 20/01/2010 13:26:31 - Software Distribution Service 3.0
    RP1169: 21/01/2010 13:30:52 - System Checkpoint
    RP1170: 22/01/2010 18:48:11 - System Checkpoint
    RP1171: 22/01/2010 23:46:14 - Software Distribution Service 3.0
    RP1172: 26/01/2010 14:57:18 - System Checkpoint
    RP1173: 27/01/2010 14:15:14 - Avg8 Update
    RP1174: 28/01/2010 15:02:23 - System Checkpoint
    RP1175: 29/01/2010 15:10:25 - System Checkpoint
    RP1176: 01/02/2010 08:51:55 - System Checkpoint
    RP1177: 02/02/2010 08:56:25 - System Checkpoint
    RP1178: 04/02/2010 07:16:08 - Software Distribution Service 3.0
    RP1179: 04/02/2010 08:34:48 - Software Distribution Service 3.0
    RP1180: 04/02/2010 09:09:41 - Restore Operation
    RP1181: 04/02/2010 10:20:43 - Removed SUPERAntiSpyware Free Edition
    RP1182: 04/02/2010 10:33:50 - Software Distribution Service 3.0
    RP1183: 04/02/2010 10:56:45 - Software Distribution Service 3.0
    RP1184: 04/02/2010 13:35:06 - Avg8 Update
    RP1185: 04/02/2010 15:38:28 - Restore Operation
    RP1186: 04/02/2010 16:26:33 - Restore Operation
    RP1187: 04/02/2010 17:09:35 - Software Distribution Service 3.0
    RP1188: 04/02/2010 17:18:06 - Software Distribution Service 3.0
    RP1189: 04/02/2010 19:20:32 - Software Distribution Service 3.0
    RP1190: 09/02/2010 17:43:56 - System Checkpoint
    RP1191: 09/02/2010 20:24:28 - Software Distribution Service 3.0
    RP1192: 11/02/2010 08:10:47 - System Checkpoint
    RP1193: 12/02/2010 08:58:34 - System Checkpoint
    RP1194: 15/02/2010 18:08:13 - System Checkpoint
    RP1195: 16/02/2010 18:13:42 - System Checkpoint
    RP1196: 18/02/2010 09:06:08 - Installed Windows Installer Clean Up
    RP1197: 24/02/2010 08:16:52 - System Checkpoint
    RP1198: 24/02/2010 22:49:43 - Software Distribution Service 3.0
    RP1199: 25/02/2010 07:25:27 - Software Distribution Service 3.0
    RP1200: 25/02/2010 17:14:45 - Installed Java(TM) 6 Update 17
    RP1201: 25/02/2010 17:23:12 - Software Distribution Service 3.0
    RP1202: 25/02/2010 17:46:28 - Software Distribution Service 3.0
    RP1203: 27/02/2010 10:05:18 - System Checkpoint
    RP1204: 01/03/2010 19:32:54 - Removed QuickTime
    RP1205: 01/03/2010 19:40:26 - Removed iTunes
    RP1206: 01/03/2010 19:48:51 - Installed iTunes
    RP1207: 01/03/2010 19:55:42 - Removed iTunes
    RP1208: 01/03/2010 19:58:16 - Removed QuickTime
    RP1209: 01/03/2010 20:08:19 - Installed iTunes
    RP1210: 01/03/2010 20:46:54 - Removed iTunes
    RP1211: 01/03/2010 20:49:19 - Removed QuickTime
    RP1212: 01/03/2010 20:51:34 - Removed Safari
    RP1213: 01/03/2010 21:02:36 - Removed Apple Software Update
    RP1214: 01/03/2010 21:04:35 - Removed Apple Mobile Device Support
    RP1215: 01/03/2010 21:07:37 - Removed Apple Application Support
    RP1216: 01/03/2010 21:09:41 - Removed Bonjour
    RP1217: 01/03/2010 21:09:57 - Removed iPhone Configuration Utility
    RP1218: 01/03/2010 21:10:10 - Removed iPhoneBrowser
    RP1219: 01/03/2010 21:10:38 - Configured iPod for Windows 2006-06-28
    RP1220: 01/03/2010 21:10:48 - Configured iPod for Windows 2006-06-28
    RP1221: 01/03/2010 21:22:10 - Installed iTunes
    RP1222: 01/03/2010 21:42:29 - Restore Operation
    RP1223: 01/03/2010 21:59:59 - Installed iTunes
    RP1224: 01/03/2010 22:08:42 - Removed iTunes
    RP1225: 01/03/2010 22:11:57 - Installed iTunes
    RP1226: 01/03/2010 22:14:26 - Removed iTunes
    RP1227: 01/03/2010 22:17:13 - Removed QuickTime
    RP1228: 01/03/2010 22:22:42 - Installed iTunes
    RP1229: 01/03/2010 22:36:40 - Removed Apple Application Support
    RP1230: 01/03/2010 22:38:25 - Removed Apple Mobile Device Support
    RP1231: 01/03/2010 22:41:31 - Removed Apple Software Update
    RP1232: 01/03/2010 22:41:52 - Removed Bonjour
    RP1233: 01/03/2010 22:42:12 - Removed iPhone Configuration Utility
    RP1234: 01/03/2010 22:44:05 - Removed iTunes
    RP1235: 01/03/2010 22:46:56 - Removed iPhoneBrowser
    RP1236: 01/03/2010 22:48:04 - Removed QuickTime
    RP1237: 01/03/2010 22:48:45 - Removed Safari
    RP1238: 01/03/2010 22:58:53 - Installed iTunes
    RP1239: 03/03/2010 02:50:30 - System Checkpoint
    RP1240: 04/03/2010 08:45:57 - System Checkpoint
    RP1241: 05/03/2010 11:44:32 - System Checkpoint
    RP1242: 06/03/2010 14:27:32 - System Checkpoint
    RP1243: 09/03/2010 08:55:29 - System Checkpoint
    RP1244: 10/03/2010 11:54:29 - Software Distribution Service 3.0
    RP1245: 12/03/2010 09:47:18 - Avg8 Update
    RP1246: 12/03/2010 09:51:38 - Avg Update
    RP1247: 17/03/2010 09:35:43 - Avg Update
    RP1248: 18/03/2010 14:55:52 - System Checkpoint
    RP1249: 19/03/2010 17:37:46 - System Checkpoint
    RP1250: 22/03/2010 14:56:56 - System Checkpoint
    RP1251: 23/03/2010 15:22:44 - System Checkpoint
    RP1252: 24/03/2010 16:11:26 - System Checkpoint
    RP1253: 25/03/2010 17:09:50 - System Checkpoint
    RP1254: 29/03/2010 14:54:07 - System Checkpoint
    RP1255: 30/03/2010 17:20:21 - Installed blinkbox Download Manager
    RP1256: 31/03/2010 09:12:49 - Software Distribution Service 3.0
    RP1257: 01/04/2010 11:08:39 - System Checkpoint
    RP1258: 01/04/2010 16:38:08 - Installed SiSAGP driver
    RP1259: 01/04/2010 17:42:53 - Rollback to an unsigned driver
    RP1260: 02/04/2010 08:16:39 - Avg Update
    RP1261: 02/04/2010 08:17:56 - Avg Update
    RP1262: 02/04/2010 23:13:54 - Removed AVG Free 9.0
    RP1263: 02/04/2010 23:14:34 - Removed AVG Free 9.0
    RP1264: 02/04/2010 23:16:02 - Removed AVG Free 9.0
    RP1265: 02/04/2010 23:19:35 - Restore Operation
    RP1266: 02/04/2010 23:35:47 - Removed QuickTime
    RP1267: 03/04/2010 00:36:59 - Installed iTunes
    RP1268: 03/04/2010 07:39:44 - Avg Update
    RP1269: 03/04/2010 07:44:04 - Avg Update
    RP1270: 03/04/2010 17:31:32 - Removed QuickTime
    RP1271: 03/04/2010 17:44:21 - Installed QuickTime

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.1.0
    AI RoboForm
    Amazon MP3 Downloader 1.0.8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AVG Free 9.0
    AviSynth 2.5
    blinkbox Download Manager
    Bonjour
    C-Media WDM Audio Driver
    CCleaner
    Coupon Printer
    Critical Update for Windows Media Player 11 (KB959772)
    Defraggler
    Disc2Phone
    DiskAid 2.52
    eMule
    Enable S3 for USB Device
    Epson Easy Photo Print 2
    EPSON SX510W Series Printer Uninstall
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Driver Diagnostics
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2200 series
    HP Print Diagnostic Utility
    hp psc 2200 series
    HP System Diagnostics
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    K-Lite Codec Pack 3.5.7 Full
    Malwarebytes' Anti-Malware
    MediaFACE 4.01
    MediaMonkey 3.2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework SDK (English) 1.1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SharedView
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Journal Viewer
    MobileMe Control Panel
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero - Burning Rom
    PC Connectivity Solution
    Peggle Nights
    Power2Go 4.0
    PowerDVD
    PowerStarter
    QuickTime
    RaidApplication
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Segoe UI
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    Sitecom Wireless Network USB Adapter Turbo G WL-172
    Smart Link 56K Voice Modem
    Sony Ericsson Media Manager 1.0
    Sony Ericsson PC Suite
    Sony Ericsson PC Suite 4.010.00
    SUPERAntiSpyware Free Edition
    Tesco Download Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB977724)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Service
    Videora iPod Converter 3.07
    Videora iPod touch Converter 4.04
    WebFldrs XP
    Webshots Desktop
    WebView
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinX DVD Ripper Platinum 5.1.1
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    31/03/2010 08:40:37, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TOMMY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B490C73-1D01-4C04-. The master browser is stopping or an election is being forced.
    04/04/2010 07:38:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb Ndisuio NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:36, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    04/04/2010 07:38:28, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    04/04/2010 07:38:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    04/04/2010 07:30:18, error: Service Control Manager [7017] - Detected circular dependencies demand starting Fast User Switching Compatibility.
    03/04/2010 22:32:27, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '05393323.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    03/04/2010 20:56:50, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.0.103. The machine with the IP address 192.168.0.3 did not allow the name to be claimed by this machine.
    03/04/2010 19:51:00, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    03/04/2010 19:48:05, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    03/04/2010 19:45:42, error: Service Control Manager [7000] - The RAS Asynchronous Media Driver service failed to start due to the following error: A device attached to the system is not functioning.
    03/04/2010 19:45:42, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: Access is denied.
    02/04/2010 23:45:06, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    01/04/2010 18:08:40, information: Windows File Protection [64002] - File replacement was attempted on the protected system file sisgrp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.13.1.2000.

    ==== End Of File ===========================
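
An added example, not part of the original thread and not code from DDS: a small Python triage script for the "Event Viewer Messages" section of a DDS log like the one above. It parses each flattened event line, pulls the driver list out of Service Control Manager event 7026, groups the 7001 dependency failures by the component that failed, and picks out drivers belonging to security tools. The sample lines are an abridged copy of the log above; the function names and the `avg`/`sas` prefix list are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Abridged copy of lines from the "Event Viewer Messages" section above.
SAMPLE = """\
04/04/2010 07:38:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb Ndisuio NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
04/04/2010 07:38:36, error: Service Control Manager [7001] - The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 07:38:36, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 07:38:36, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2010 22:32:27, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '05393323.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
03/04/2010 19:48:05, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
01/04/2010 18:08:40, information: Windows File Protection [64002] - File replacement was attempted on the protected system file sisgrp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.13.1.2000.
"""


class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


# DDS flattens each event to: "DD/MM/YYYY HH:MM:SS, level: Source [ID] - message"
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (\w+): (.+?) \[(\d+)\] - (.*)$"
)
# Wording of SCM event 7001 as it appears in the log above.
DEPENDS_RE = re.compile(
    r"^The (.+?) service depends on the (.+?) service which failed to start"
)


def parse_events(text):
    """Return an Event for every line that matches the DDS event layout."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, wrapped text
        ts, level, source, eid, msg = m.groups()
        when = datetime.strptime(ts, "%d/%m/%Y %H:%M:%S")  # day-first dates
        events.append(Event(when, level, source, int(eid), msg))
    return events


def scm(events, event_id):
    """Service Control Manager events with the given ID."""
    return [e for e in events
            if e.source == "Service Control Manager" and e.event_id == event_id]


def failed_boot_drivers(events):
    """Driver names listed by event 7026, in log order, without duplicates."""
    drivers = []
    for e in scm(events, 7026):
        _, _, tail = e.message.partition("failed to load:")
        for name in tail.split():
            if name not in drivers:
                drivers.append(name)
    return drivers


def blocked_services(events):
    """Map each failed dependency (event 7001) to the services it blocked."""
    blocked = defaultdict(list)
    for e in scm(events, 7001):
        m = DEPENDS_RE.match(e.message)
        if m:
            service, dependency = m.groups()
            blocked[dependency].append(service)
    return dict(blocked)


def security_drivers(drivers, prefixes=("avg", "sas")):
    """Drivers whose names start with a security-tool prefix (assumed list)."""
    return [d for d in drivers if d.lower().startswith(prefixes)]


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    failed = failed_boot_drivers(evts)
    print("drivers that failed to load:", ", ".join(failed))
    print("security-tool drivers among them:", ", ".join(security_drivers(failed)))
    for dep, services in blocked_services(evts).items():
        print(f"{dep} down -> blocked: {', '.join(services)}")
```

Windows also logs event 7026 with a long driver list after a Safe Mode boot, so the output is a lead to check against how the machine was started at that time, not proof on its own that something disabled the drivers.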
     
  5. 2010/04/04
    bchirpy

    bchirpy Inactive Thread Starter

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Deb at 7:54:33.21 on 04/04/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.798 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\WebView\WebView-Reporting.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WebView\WebView-Updater.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\WebView\WebView-Process-Connector.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Deb\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotukdeals.com/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: WebView: {4beea052-726d-4a6e-b65d-a6bd07c263f3} - c:\program files\webview\Gacela2.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON SX510W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S13.tmp" /EF "HKCU "
    uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe "
    StartupFolder: c:\docume~1\deb\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\siteco~1.lnk - c:\program files\sitecom\sitecom wireless network usb adapter turbo g wl-172\installer\WLANUTL.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - c:\program files\webview\Gacela2.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: lsp32.dll
    Trusted Zone: autoregister.net\autoreg
    Trusted Zone: brainjuicer.com\secure
    DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {3D0D2821-8011-4B1F-BE9C-27B8E74CFBEF} - hxxp://downloads.virginmedia.com/CST/ver1/VM_ActX_2.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} - hxxps://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
    TCP: {8B490C73-1D01-4C04-B040-790FED4782FE} = 194.168.4.100,194.168.8.100
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-19 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-19 29512]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-19 242696]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-11 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 66632]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
    R2 WebView-Reporting-Service;WebView-Reporting-Service;c:\program files\webview\WebView-Reporting.exe [2009-2-23 102400]
    R2 WebView-Update-Service;WebView-Update-Service;c:\program files\webview\WebView-Updater.exe [2009-2-23 176128]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-7 13224]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 12872]

    ============== File Associations ===============

    .exe=secfile

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-12 09:50:43 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-12 09:48:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-09 03:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-01 16:17:45 90112 ----a-w- c:\windows\DUMP9819.tmp
    2009-11-19 15:35:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009111920091120\index.dat

    ============= FINISH: 7:55:48.95 ===============
     
  6. 2010/04/04
    bchirpy Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.44
    Database version: 3854
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/03/2010 06:54:09
    mbam-log-2010-03-12 (06-54-09).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 324311
    Time elapsed: 3 hour(s), 54 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2010/04/04
    bchirpy Inactive Thread Starter

    OTL logfile created on: 04/04/2010 11:29:55 - Run 1
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Deb\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.60 Gb Total Space | 26.71 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEBBIE
    Current User Name: Deb
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
    PRC - [2010/04/03 07:43:07 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/04/03 07:42:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/12 10:50:36 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/03/12 10:50:34 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/03/12 10:50:29 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/12 10:48:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/09/15 15:42:28 | 000,319,488 | ---- | M] () -- C:\Program Files\WebView\WebView-Process-Connector.exe
    PRC - [2009/07/26 17:44:34 | 000,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
    PRC - [2009/02/23 12:20:24 | 000,176,128 | ---- | M] () -- C:\Program Files\WebView\WebView-Updater.exe
    PRC - [2009/02/23 12:20:24 | 000,102,400 | ---- | M] () -- C:\Program Files\WebView\WebView-Reporting.exe
    PRC - [2008/11/20 07:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFIE.EXE
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/05/17 14:59:02 | 000,913,408 | ---- | M] (Sitecom Europe BV.) -- C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    PRC - [2004/11/02 00:55:40 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
    PRC - [2004/08/10 23:47:38 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2003/10/08 10:41:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/12 10:50:29 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/09/17 11:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/02/23 12:20:24 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Updater.exe -- (WebView-Update-Service)
    SRV - [2009/02/23 12:20:24 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\WebView\WebView-Reporting.exe -- (WebView-Reporting-Service)
    SRV - [2004/11/02 00:55:40 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
    SRV - [2002/03/15 21:37:46 | 000,081,920 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotukdeals.com/
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\WebView\ [2010/02/04 18:06:48 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2008/11/26 22:29:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (WebView) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (TNS)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [RRT-Auto] C:\Documents and Settings\Deb\Desktop\RRT.exe File not found
    O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
    O4 - HKCU..\Run: [EPSON SX510W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE (Sitecom Europe BV.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O4 - Startup: C:\Documents and Settings\Deb\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : About WebView - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\WebView\Gacela2.dll (TNS)
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: autoregister.net ([autoreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: brainjuicer.com ([secure] https in Trusted sites)
    O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} http://www.shopandscan.com/TNSClicker.CAB (TNSClicker.Clicker)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {3D0D2821-8011-4B1F-BE9C-27B8E74CFBEF} http://downloads.virginmedia.com/CST/ver1/VM_ActX_2.cab (VM_ActX_2 Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (Reg Error: Key error.)
    O16 - DPF: {C92FAE80-87D0-431D-BA75-3E7A64F5069F} https://media.blinkbox.com/Licensing/Blinkbox.Licensing.cab (ComplianceChecker Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (TNSClickerc.Clicker)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Deb\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Deb\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/02/15 02:04:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = secfile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/26 23:36:08 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/04 11:25:32 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
    [2010/04/04 11:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WebView-Reporting-Service-Spool
    [2010/04/04 09:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
    [2010/04/04 09:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\1 Click PC Fix
    [2010/04/04 09:04:17 | 003,857,920 | ---- | C] (1 Click PC Fix ) -- C:\Documents and Settings\Deb\Desktop\1clickpcfix.exe
    [2010/04/03 00:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/03 00:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/02 23:22:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SiS
    [2010/04/02 23:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\trayres
    [2010/04/02 23:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\SiS VGA Utilities V3.61a
    [2010/04/02 23:16:42 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/04/02 23:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/04/02 23:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/04/02 23:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/04/02 23:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/04/02 18:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(3)
    [2010/04/02 18:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/02 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(3)
    [2010/04/02 08:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2010/04/01 18:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SIS(2)
    [2010/04/01 18:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\SiS VGA Utilities V3(2).90
    [2010/04/01 17:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Desktop\uvga3_390
    [2010/04/01 16:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Desktop\R391_logo
    [2010/03/31 09:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/03/30 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Local Settings\Application Data\BlinkBox
    [2010/03/30 17:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\blinkbox
    [2010/03/29 19:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deb\Local Settings\Application Data\Deployment
    [2007/10/08 13:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
    [2007/09/16 11:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2007/09/15 20:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
    [2007/09/15 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2007/09/12 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2005/04/29 17:55:18 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
    [2005/04/29 17:53:27 | 000,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2005/04/29 17:53:27 | 000,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [2005/04/29 17:53:27 | 000,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
    [2005/04/29 17:53:26 | 001,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2005/04/29 17:53:26 | 000,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2005/04/29 17:53:26 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [143 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [132 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/04/04 11:35:56 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\qowdk.sys
    [2010/04/04 11:25:33 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deb\Desktop\OTL.exe
    [2010/04/04 11:07:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/04 11:03:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/04 11:03:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/04 11:02:59 | 1576,587,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/04 11:01:56 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Deb\ntuser.dat
    [2010/04/04 11:01:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Deb\ntuser.ini
    [2010/04/04 10:53:57 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
    [2010/04/04 10:53:57 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
    [2010/04/04 10:53:57 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
    [2010/04/04 10:53:57 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
    [2010/04/04 09:56:23 | 058,520,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/04/04 09:18:58 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Deb\Desktop\Free Window Registry Repair.lnk
    [2010/04/04 09:16:32 | 000,798,000 | ---- | M] () -- C:\Documents and Settings\Deb\Desktop\RegpairSetup.exe
    [2010/04/04 09:04:43 | 003,857,920 | ---- | M] (1 Click PC Fix ) -- C:\Documents and Settings\Deb\Desktop\1clickpcfix.exe
    [2010/04/04 07:54:28 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Deb\Desktop\dds.scr
    [2010/04/03 21:49:39 | 000,012,210 | -HS- | M] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\XORQ
    [2010/04/03 21:49:39 | 000,012,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\XORQ
    [2010/04/03 19:48:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
    [2010/04/03 18:48:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/03 18:14:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DECB844-4F4C-4B16-BC41-417044116927}.job
    [2010/04/03 17:45:22 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/04/03 14:58:27 | 036,256,080 | ---- | M] () -- C:\Documents and Settings\Deb\Desktop\4lu628hw.exe
    [2010/04/03 00:32:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/02 22:30:34 | 000,015,906 | -HS- | M] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\LK2mfPE2j
    [2010/04/02 22:30:34 | 000,015,906 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
    [2010/04/02 11:59:23 | 000,402,912 | ---- | M] () -- C:\ituneslib.itl
    [2010/04/02 00:18:16 | 000,000,070 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/04/02 00:18:16 | 000,000,022 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/03/31 12:39:45 | 000,523,302 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/31 12:39:45 | 000,442,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/03/31 12:39:45 | 000,071,722 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/30 17:21:26 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\blinkbox Download Manager.lnk
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [143 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [132 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/04 11:02:59 | 1576,587,264 | -HS- | C] () -- C:\hiberfil.sys
    [2010/04/04 10:53:57 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
    [2010/04/04 10:53:57 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
    [2010/04/04 10:53:57 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
    [2010/04/04 10:53:57 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
    [2010/04/04 09:18:15 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Deb\Desktop\Free Window Registry Repair.lnk
    [2010/04/04 09:16:25 | 000,798,000 | ---- | C] () -- C:\Documents and Settings\Deb\Desktop\RegpairSetup.exe
    [2010/04/04 07:54:02 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Deb\Desktop\dds.scr
    [2010/04/03 19:49:21 | 000,012,210 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\XORQ
    [2010/04/03 19:49:21 | 000,012,210 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\XORQ
    [2010/04/03 19:45:39 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\qowdk.sys
    [2010/04/03 17:45:21 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/04/03 14:58:19 | 036,256,080 | ---- | C] () -- C:\Documents and Settings\Deb\Desktop\4lu628hw.exe
    [2010/04/03 00:45:55 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/03 00:32:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/02 22:20:28 | 000,015,906 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\LK2mfPE2j
    [2010/04/02 22:20:28 | 000,015,906 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
    [2010/04/02 11:53:38 | 000,402,912 | ---- | C] () -- C:\ituneslib.itl
    [2010/04/01 17:33:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2010/04/01 17:33:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2010/04/01 17:33:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2010/04/01 11:08:34 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\Deb\ntuser.dat
    [2010/03/30 17:21:23 | 000,200,650 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\BlinkBoxDesktopUpdate.log
    [2010/03/30 17:20:25 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\blinkbox Download Manager.lnk
    [2010/03/30 17:20:11 | 000,435,506 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\blinkboxDesktopInstall.log
    [2010/01/14 16:30:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/01/05 20:39:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/11/18 08:55:38 | 000,007,168 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Thumbs.db
    [2009/06/15 17:21:40 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\Deb\hpothb07.tif
    [2009/06/15 17:21:40 | 000,000,158 | -H-- | C] () -- C:\Documents and Settings\Deb\hpothb07.dat
    [2009/05/14 15:27:36 | 000,007,217 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Folder.jpg
    [2009/05/14 15:27:36 | 000,002,072 | -HS- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\AlbumArtSmall.jpg
    [2009/05/09 17:57:19 | 000,002,625 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Failed Copy
    [2009/05/09 17:29:53 | 012,939,480 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\moving into light (freemasons mix).mp3
    [2009/05/09 16:54:29 | 000,014,662 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\.ipc_copyrecord
    [2009/05/09 16:41:12 | 000,016,795 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\Skipping
    [2009/05/09 15:30:33 | 000,001,232 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\iTunesPrefs
    [2009/05/09 15:26:49 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\84756-11986-27475-00TC1-94865
    [2008/10/06 16:13:49 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Deb\Application Data\HPCOM_48BitScanUpdate.log
    [2008/10/06 16:13:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/10/06 07:41:01 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/04/18 10:35:05 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/01/01 23:49:47 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2007/11/28 20:45:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/11/28 20:45:29 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/11/28 20:45:29 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/11/28 20:45:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/28 20:45:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2007/11/28 20:45:24 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2007/06/11 13:17:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
    [2007/04/12 08:57:30 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/21 21:58:55 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2006/11/27 09:57:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/03 09:02:11 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/13 12:57:44 | 000,000,115 | ---- | C] () -- C:\WINDOWS\POSTER.INI
    [2006/05/09 11:38:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/04/07 07:44:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
    [2006/03/15 11:31:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2005/11/30 02:04:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Deb\ntuser.dat.LOG
    [2005/11/30 02:04:58 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Deb\ntuser.ini
    [2005/11/30 02:04:58 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Deb\Local Settings\Application Data\fusioncache.dat
    [2005/11/29 20:14:58 | 000,003,780 | ---- | C] () -- C:\Documents and Settings\Deb\Application Data\wklnhst.dat
    [2005/11/29 19:58:17 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2005/11/29 19:48:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
    [2005/11/29 19:38:54 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2005/04/29 18:09:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
    [2005/04/29 18:06:32 | 000,106,346 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2005/04/29 18:06:11 | 000,102,538 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2005/04/29 18:03:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
    [2005/04/29 17:58:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2005/04/29 17:58:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2005/04/29 17:55:18 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
    [2005/04/29 17:55:18 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2005/04/29 17:55:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
    [2005/04/29 17:53:27 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [2005/04/29 17:53:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
    [2005/04/29 17:53:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
    [2005/04/29 17:23:31 | 000,000,613 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2005/02/15 10:44:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/02/15 00:49:30 | 000,004,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/07/01 19:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
    [2004/07/01 19:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
    [2004/07/01 19:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2004/07/01 19:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
    [1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2009/11/19 19:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/04/02 23:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/01/05 20:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2005/11/30 18:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
    [2009/11/24 17:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
    [2010/02/25 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2005/12/01 16:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2009/01/07 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2007/09/22 08:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2008/11/21 19:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/05/15 21:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tesco Photobook Creator
    [2010/03/16 20:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2008/11/22 11:29:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0A03A701-F883-4052-859E-496FFE1D2945}
    [2010/04/02 18:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/13 20:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/14 16:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/06/10 17:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Amazon
    [2009/05/12 09:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\DiskAid
    [2010/03/16 20:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Epson
    [2006/11/19 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Leadertech
    [2009/11/24 17:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Nokia
    [2007/10/08 16:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Opera
    [2009/11/24 17:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\PC Suite
    [2009/01/14 11:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Red Kawa
    [2005/05/04 00:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\SampleView
    [2009/01/07 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Sony
    [2006/10/07 09:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Teleca
    [2006/01/14 10:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Template
    [2010/03/16 16:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\uTorrent
    [2007/05/13 17:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deb\Application Data\Webshots
    [2010/04/03 19:48:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
    [2010/04/03 18:14:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6DECB844-4F4C-4B16-BC41-417044116927}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2010/02/04 08:23:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
    [2010/02/04 08:23:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 14:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [2004/08/04 14:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2010/02/04 08:23:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
    [2010/02/04 08:23:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [143 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2005/02/14 17:54:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/02/14 17:54:37 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/02/14 17:54:36 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < >
    < End of report >
     
  8. 2010/04/04
    bchirpy Inactive Thread Starter

    OTL Extras logfile created on: 04/04/2010 11:29:55 - Run 1
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Deb\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.60 Gb Total Space | 26.71 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEBBIE
    Current User Name: Deb
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = secfile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "4661:TCP" = 4661:TCP:*:Enabled:eMule1
    "4672:UDP" = 4672:UDP:*:Enabled:eMule2

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\blinkbox\Desktop\BlinkBoxDesktop.exe" = C:\Program Files\blinkbox\Desktop\BlinkBoxDesktop.exe:LocalSubNet:Enabled:blinkbox Desktop Application -- (blinkbox Entertainment Ltd)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
    "{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}" = RaidApplication
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
    "{26B5D684-75D6-44B9-BBFF-D4100F43092A}" = Sony Ericsson PC Suite
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
    "{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{4FCBD822-5DAB-4403-9064-569D7AA7DAD6}" = HP System Diagnostics
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = WebView
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E151EE9D-2A4E-4DDB-90EA-F40F8DAFDCD5}" = blinkbox Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Sitecom Wireless Network USB Adapter Turbo G WL-172
    "{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
    "AVG9Uninstall" = AVG Free 9.0
    "AviSynth" = AviSynth 2.5
    "CCleaner" = CCleaner
    "C-Media Audio Driver" = C-Media WDM Audio Driver
    "Coupon Printer2.0" = Coupon Printer
    "Defraggler" = Defraggler
    "DiskAid_is1" = DiskAid 2.52
    "eMule" = eMule
    "Enable S3 for USB Device" = Enable S3 for USB Device
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
    "Free Window Registry Repair" = Free Window Registry Repair
    "HijackThis" = HijackThis 2.0.2
    "HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
    "InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Full
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Peggle Nights" = Peggle Nights
    "SiS VGA Driver" = SiS VGA Utilities
    "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
    "SLAMRNTV" = Smart Link 56K Voice Modem
    "TescoDownloader" = Tesco Download Manager
    "Update Service" = Update Service
    "Videora iPod Converter" = Videora iPod Converter 3.07
    "Videora iPod touch Converter" = Videora iPod touch Converter 4.04
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Webshots Desktop_is1" = Webshots Desktop
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AI RoboForm" = AI RoboForm
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 29/10/2009 17:42:19 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 02/11/2009 17:21:31 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application emule.exe, version 0.49.2.37, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 02/11/2009 17:28:06 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 02/11/2009 17:28:06 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 02/11/2009 17:28:06 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 02/11/2009 17:28:12 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/11/2009 16:39:19 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/11/2009 16:39:19 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 07/11/2009 15:43:01 | Computer Name = DEBBIE | Source = Application Hang | ID = 1002
    Description = Hanging application emule.exe, version 0.49.2.37, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 07/11/2009 16:36:33 | Computer Name = DEBBIE | Source = MsiInstaller | ID = 10005
    Description = Product: Windows Live Mail -- The installer has encountered an unexpected
    error installing this package. This may indicate a problem with this package. The
    error code is 2762. The arguments are: , ,

    [ System Events ]
    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
    Description = The Wireless Zero Configuration service depends on the NDIS Usermode
    I/O Protocol service which failed to start because of the following error: %%31

    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
    Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
    Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
    service which failed to start because of the following error: %%31

    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 04/04/2010 05:53:36 | Computer Name = DEBBIE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb Ndisuio NetBIOS NetBT RasAcd Rdbss
    SASDIFSV
    SASKUTIL
    Tcpip
    WS2IFSL

    Error - 04/04/2010 05:53:41 | Computer Name = DEBBIE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 04/04/2010 06:01:46 | Computer Name = DEBBIE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 04/04/2010 06:01:54 | Computer Name = DEBBIE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     
  9. 2010/04/04
    bchirpy

    Hi there, I have posted the OTL files but it is saying they need to be authorised by the mod!
     
  10. 2010/04/04
    crunchie

    Hi. How many times have you run Combofix? When was the last time it was run?

    You should uninstall all the Java updates in add/remove programs except update 19.

    ==

    MBA-M was not updated as requested. Please update it and run a quick scan and post the log.

    ==

    Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

    C:\WINDOWS\System32\drivers\qowdk.sys
    C:\Documents and Settings\Deb\Desktop\4lu628hw.exe
    C:\WINDOWS\jknradee.sys
     
  11. 2010/04/04
    bchirpy

    I haven't run Combofix for months. It has been run once before, when I had a virus quite some time ago - I certainly have tried running it for this until advised as I know it is a complex program!
    Sorry, thought I had updated MBAM; will do again and post now!
     
  12. 2010/04/04
    bchirpy

    That was meant to say I certainly haven't tried running it for this problem without advice!
     
  13. 2010/04/04
    bchirpy

    I've just gone into MBAM and it says it has the latest update - will scan again regardless!
     
  14. 2010/04/04
    bchirpy

    Add/Remove Programs will not work - error message c:\windows\system32\rundll.exe application not found - the same goes for firewall etc. so I can't remove Java updates
     
  15. 2010/04/04
    bchirpy

    File jknradee.sys received on 2010.04.04 12:15:03 (UTC)

    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.04.04 -
    AhnLab-V3 5.0.0.2 2010.04.03 -
    AntiVir 7.10.6.24 2010.04.03 -
    Antiy-AVL 2.0.3.7 2010.04.02 -
    Authentium 5.2.0.5 2010.04.04 -
    Avast 4.8.1351.0 2010.04.03 -
    Avast5 5.0.332.0 2010.04.03 -
    AVG 9.0.0.787 2010.04.04 -
    BitDefender 7.2 2010.04.04 -
    CAT-QuickHeal 10.00 2010.04.03 -
    ClamAV 0.96.0.0-git 2010.04.03 -
    Comodo 4496 2010.04.04 -
    DrWeb 5.0.2.03300 2010.04.04 -
    eSafe 7.0.17.0 2010.04.01 -
    eTrust-Vet None 2010.04.02 -
    F-Prot 4.5.1.85 2010.04.04 -
    F-Secure 9.0.15370.0 2010.04.03 -
    Fortinet 4.0.14.0 2010.04.04 -
    GData 19 2010.04.04 -
    Ikarus T3.1.1.80.0 2010.04.04 -
    Jiangmin 13.0.900 2010.04.04 -
    K7AntiVirus 7.10.1004 2010.03.22 -
    Kaspersky 7.0.0.125 2010.04.04 -
    McAfee 5937 2010.03.31 -
    McAfee+Artemis 5937 2010.03.31 -
    McAfee-GW-Edition 6.8.5 2010.04.03 -
    Microsoft 1.5605 2010.04.04 -
    NOD32 4998 2010.04.04 -
    Norman 6.04.10 2010.04.03 -
    nProtect 2009.1.8.0 2010.04.04 -
    Panda 10.0.2.2 2010.04.03 -
    PCTools 7.0.3.5 2010.04.04 -
    Prevx 3.0 2010.04.04 -
    Rising 22.41.04.05 2010.04.02 -
    Sophos 4.52.0 2010.04.04 -
    Sunbelt 6136 2010.04.04 -
    Symantec 20091.2.0.41 2010.04.04 -
    TheHacker 6.5.2.0.252 2010.04.04 -
    TrendMicro 9.120.0.1004 2010.04.04 -
    VBA32 3.12.12.4 2010.04.02 -
    ViRobot 2010.4.3.2259 2010.04.04 -
    VirusBuster 5.0.27.0 2010.04.04 -

    Additional information
    File size: 4 bytes
    MD5...: f2f0da36185220843b89ada5effdd58c
    SHA1..: 7cf32a70d55d541328fab620dd985f62ea67a27f
    SHA256: 0ea02019c0b00424bce55c12f56719937f85d8f9f77bd451a77fbdc6ac3bb4a1
    ssdeep: 3:FIh:y
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: PGN (Portable Gaming Notation) Compressed format (100.0%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
     
  16. 2010/04/04
    bchirpy

    C:\Documents and Settings\Deb\Desktop\4lu628hw.exe - this is drweb exe but will scan
     
  17. 2010/04/04
    bchirpy

    Couldn't upload the drweb exe as it was too big!
     
  18. 2010/04/04
    bchirpy

    And I can't locate the folder system32\drivers
     
  19. 2010/04/04
    bchirpy

    MBAM has just detected a shed load more trojans - and also made AVG Resident Shield pop up?? How bizarre it didn't detect them before!
     
  20. 2010/04/04
    bchirpy

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3952

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    04/04/2010 13:54:45
    mbam-log-2010-04-04 (13-54-45).txt

    Scan type: Quick scan
    Objects scanned: 140543
    Time elapsed: 20 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Deb\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\drivers\qowdk.sys (Rootkit.Agent) -> Delete on reboot.
    C:\Documents and Settings\Deb\Local Settings\temp\hxxt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\temp\TMP9683.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\temp\TMPE261.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\temp\npfn.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\0FHNPG72\fjnvpk[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\0FHNPG72\oriqbjdp[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\0FHNPG72\read_force[1].jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3RVFXRT4\fjnvpk[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\3RVFXRT4\oriqbjdp[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\HGGHL0EK\fwelcx[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\HGGHL0EK\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\HGGHL0EK\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
     
  21. 2010/04/04
    bchirpy

    I notice that MBAM is asking for the rootkit to be deleted on reboot. This was the folder I couldn't find - please advise before I reboot!
     
