
Windows security alert [Closed]


  • This topic is locked

#1 cobra kane (New Member, 9 posts)
I've done all of the steps in the initial advice, but GMER won't open and neither will Malwarebytes. I had a message that initially popped up as 'Windows security alert' and kept telling me I was infected. My dad somehow stopped the popup messages and the security thing continually popping up, but everything gets very slow sometimes, and every time I open Explorer I get an 'IE has encountered... send error report / don't send'. If I click don't send it always closes the window. Also, sometimes the speakers start playing an advert and I can see a Windows Explorer is running. I have got HijackThis. Anyone got an idea how I can fix this? I would greatly appreciate any help. Thanks.

*OTL won't open: it keeps saying it's not a valid Win32 program.

Edited by cobra kane, 13 January 2010 - 05:34 AM.


#2 Cruise475 (Trusted Helper, 1,348 posts)
Greetings, cobra kane. Welcome to GeeksToGo. My name is Cruise475 and I am here to help you with your malware troubles.

Before we get started, I would like to mention a few things :)
  • There may be some delays between my posts to you. I am still in training, so every response must be checked with a resident expert before I can give it to you!
  • Please follow my instructions step by step; if something does not work, or you get confused, just ask for clarification :)
  • Please do not attach any logs unless I specifically ask for it; it makes it easier for us to check your logs! Just post them right into the topic. If it requires more than one post, feel free to spread them over multiple posts!
  • While we are working together, please do not run any tools without being directed to do so. Running some of our tools unsupervised can be very dangerous!
  • Lastly, you may find it beneficial to print my instructions, or save them to a text file, as some of my instructions may require you to reboot into Safe Mode :)

I am currently reviewing the information you have provided and I will post back with some instructions shortly :)

Thanks
Cruise

#3 Cruise475 (Trusted Helper, 1,348 posts)
Hello cobra kane,

Sorry for the delay!


Download Combofix from any of the links below. You must rename it before saving. Rename it to svchost.com before saving it to your desktop. Also make sure Save as Type is All Files.

Link 1
Link 2


NOTE: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process, directly to your desktop.



  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Gotcha as follows:

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  • Double click on the renamed svchost.com & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new OTL log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Thanks
Cruise

#4 cobra kane (Topic Starter, New Member, 9 posts)
Combofix log:

ComboFix 10-01-16.04 - Owner 17/01/2010 18:03:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.726 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\exercise2.log
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\drivers\H8SRTofdxvflthv.sys
c:\windows\system32\drivers\hjgruievpwunlp.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\H8SRTaurulcnayd.dat
c:\windows\system32\H8SRThmlymmmkmu.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTqoxosqbhqn.dll
c:\windows\system32\H8SRTumrohpkqcp.dll
c:\windows\system32\hjgruicjddiqya.dll
c:\windows\system32\hjgruiiysuwvuw.dat
c:\windows\system32\hjgruiovuptpaq.dll
c:\windows\system32\hjgruipmxofiqv.dat
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\srcr.dat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_hjgruioouylmxq
-------\Legacy_hjgruioouylmxq
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-02 18:00 . 2010-01-02 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-02 17:59 . 2010-01-02 17:59 -------- d-----w- c:\program files\Common Files\iS3
2010-01-02 17:59 . 2010-01-02 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-02 15:28 . 2010-01-02 15:28 -------- d-----w- c:\program files\ERUNT
2009-12-31 16:24 . 2009-12-31 16:24 -------- d-----w- c:\program files\trendmicro
2009-12-20 02:13 . 2009-12-20 02:13 27852 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-19 16:02 . 2009-12-19 16:02 -------- d-----w- c:\program files\LizardTech
2009-12-18 21:09 . 2009-12-18 21:11 -------- d-----w- c:\program files\iTunes
2009-12-18 21:09 . 2009-12-18 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-18 21:06 . 2009-12-18 21:07 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 17:34 . 2009-09-18 11:45 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2010-01-17 17:28 . 2009-11-23 21:18 -------- d-----w- c:\documents and settings\Owner\Application Data\DC++
2010-01-17 13:55 . 2008-06-01 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-17 03:07 . 2009-02-13 00:09 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2010-01-11 18:49 . 2009-02-16 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 16:07 . 2009-02-16 13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-02-16 13:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 22:37 . 2006-05-21 16:37 -------- d-----w- c:\program files\Java
2010-01-02 17:48 . 2006-08-24 23:22 -------- d-----w- c:\program files\WS_FTP Pro
2010-01-02 16:47 . 2006-05-21 16:49 -------- d-----w- c:\program files\McAfee
2010-01-02 16:47 . 2006-05-21 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-02 16:36 . 2009-02-16 11:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 08:32 . 2007-03-29 16:46 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-12-19 16:02 . 2006-06-25 18:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 16:01 . 2006-05-21 16:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-18 21:49 . 2006-06-25 18:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-18 21:23 . 2009-03-18 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-18 21:09 . 2006-06-25 18:06 -------- d-----w- c:\program files\iPod
2009-12-18 21:09 . 2009-05-11 08:53 -------- d-----w- c:\program files\Common Files\Apple
2009-12-06 17:29 . 2009-12-06 17:28 -------- d-----w- c:\program files\Mfit4Win
2009-11-24 01:04 . 2006-05-25 19:37 -------- d-----w- c:\program files\LimeWire
2009-11-24 01:04 . 2007-12-26 11:47 -------- d-----w- c:\program files\Lame MP3 Codec
2009-11-24 01:04 . 2009-09-12 10:16 -------- d-----w- c:\program files\FXDD - MetaTrader 4
2009-11-24 01:04 . 2006-05-27 17:15 -------- d-----w- c:\program files\DivX
2009-11-24 01:04 . 2007-09-25 13:37 -------- d-----w- c:\program files\speaktext
2009-11-24 01:04 . 2006-12-01 14:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-24 01:04 . 2007-09-24 17:51 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-24 01:03 . 2009-09-07 18:55 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-24 01:03 . 2006-05-21 16:42 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 21:18 . 2009-11-20 17:53 -------- d-----w- c:\program files\DC++
2006-07-28 20:31 . 2006-05-25 10:40 88 --sh--r- c:\windows\system32\1119645446.sys
2007-02-05 01:08 . 2006-05-24 17:53 104 --sh--r- c:\windows\system32\4654641911.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-30 11536384]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-15 16:30 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-01 00:28 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SeekmoOE"=c:\program files\Seekmo\bin\10.0.370.0\OEAddOn.exe
"SeekmoSA"="c:\program files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
"SiteAdvisor"=c:\program files\SiteAdvisor\6253\SiteAdv.exe
"DLCCCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Charlie's\\Software\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [09/11/2009 22:00 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [09/11/2009 22:03 27632]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/02/2009 11:50 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-01-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-01 11:43]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-15 16:30]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-15 16:30]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-16 12:22]

2009-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-16 12:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6p50or2y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npdjvu.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-MCODS
MSConfigStartUp-Malware Defense - c:\program files\Malware Defense\mdefense.exe
MSConfigStartUp-settdebugx - c:\docume~1\Owner\LOCALS~1\Temp\settdebugx.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-WS_FTP Pro - c:\program files\WS_FTP Pro\uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-360771785-396281009-1872380415-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80C1CBE4-0647-8787-774F-B3D6B1F11B55}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialjmhodmdgfijfcnj"=hex:69,61,63,63,66,65,6b,62,64,69,6a,61,6a,70,68,64,6f,67,
00,00
"habkcmjeifoeefej"=hex:69,61,63,63,66,65,6b,62,64,69,6a,61,6a,70,68,64,6f,67,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(512)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\Mixer.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\windows\system32\dlcccoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-01-17 18:22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-17 18:22

Pre-Run: 18,736,443,392 bytes free
Post-Run: 19,651,497,984 bytes free

- - End Of File - - 943CA7626BC69128DD5C5A90A7A54FFA

OTL log:

OTL logfile created on: 17/01/2010 18:59:44 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\My Documents\Charlie's\Software
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 18.32 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.09 Gb Total Space | 151.79 Gb Free Space | 50.92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/17 18:42:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Charlie's\Software\OTL.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/24 14:41:58 | 00,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/30 04:36:11 | 11,536,384 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2009/04/30 12:23:26 | 00,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/01 00:28:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/11/06 00:50:44 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2007/11/02 19:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/10/19 19:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 19:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 19:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/10/17 12:04:40 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2005/10/14 19:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/10/14 19:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/07/22 19:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 20:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2004/08/04 04:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003/05/12 14:02:32 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/05/12 14:02:32 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/05/12 14:02:26 | 00,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
PRC - [2003/05/12 14:02:26 | 00,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003/03/20 06:21:00 | 01,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 18:42:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Charlie's\Software\OTL.exe
MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/30 12:23:26 | 00,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/26 11:43:23 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/06/21 20:19:38 | 00,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/05/12 14:02:32 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 2\components [2010/01/02 17:33:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins [2010/01/02 17:33:08 | 00,000,000 | ---D | M]

[2009/02/13 00:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/13 00:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6p50or2y.default\extensions

O1 HOSTS File: ([2010/01/17 18:14:54 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1196526915968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.243.46.113 128.243.42.59
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 11:52:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/17 17:52:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/17 17:52:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/17 17:52:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/17 17:52:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/17 17:39:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/13 09:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/19 14:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/25 11:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/12/01 14:36:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/08/29 08:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/08/29 08:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/08/29 08:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/13 11:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Gtek
[2004/08/10 12:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 11:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/17 18:55:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/01/17 18:40:04 | 00,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003UA.job
[2010/01/17 18:17:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/17 18:15:04 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/17 18:14:54 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/17 18:14:52 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/17 18:14:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 18:14:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/17 18:14:35 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/17 18:13:40 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/17 18:13:40 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/17 17:35:10 | 03,827,754 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/01/17 15:21:56 | 00,210,944 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 11:04:16 | 00,000,285 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Iomega HDD (E).lnk
[2010/01/16 05:29:59 | 04,279,908 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/15 13:05:11 | 00,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003Core.job
[2010/01/15 01:00:02 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 14:27:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/12 20:13:38 | 00,122,152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\otlv4_h.zip
[2010/01/12 20:12:22 | 00,520,201 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/11 19:57:50 | 00,000,709 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/11 18:09:28 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 17:52:11 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 17:52:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/17 17:52:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/17 17:52:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 17:52:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/17 17:35:10 | 03,827,754 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/01/17 11:04:16 | 00,000,285 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Iomega HDD (E).lnk
[2010/01/12 20:13:45 | 00,819,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\otlv4.h
[2010/01/12 20:13:38 | 00,122,152 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\otlv4_h.zip
[2010/01/12 20:12:20 | 00,520,201 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/31 15:08:00 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/06 17:29:05 | 00,000,160 | ---- | C] () -- C:\WINDOWS\Microfit.ini
[2009/09/18 11:20:00 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/07 19:08:59 | 00,006,164 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PrimoPDFSet.xml
[2009/09/07 18:50:11 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/27 04:13:36 | 00,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/07/25 11:14:03 | 00,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/07/25 11:06:21 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/07/25 11:02:37 | 00,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2008/07/25 11:02:28 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/07/25 11:02:28 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/10/24 11:10:58 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/10/24 11:10:58 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/10/24 11:10:58 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/10/24 11:10:58 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/10/24 11:10:58 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/09/25 13:38:00 | 00,007,168 | ---- | C] () -- C:\WINDOWS\speaktext32.dll
[2007/02/27 20:18:41 | 00,001,870 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/02 20:39:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2007/01/02 20:39:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2007/01/02 20:39:55 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2007/01/02 20:39:54 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2007/01/02 20:39:53 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2007/01/02 20:39:53 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2007/01/02 20:39:53 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2007/01/02 20:39:53 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2007/01/02 20:39:52 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2007/01/02 20:39:52 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2007/01/02 20:39:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2007/01/02 20:39:51 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2007/01/02 20:39:49 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2007/01/02 20:39:49 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2007/01/02 20:39:49 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2007/01/02 20:39:46 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2007/01/02 20:39:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2007/01/02 20:39:45 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2007/01/02 20:39:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/12/27 19:37:20 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/30 12:57:31 | 00,008,802 | R--- | C] () -- C:\WINDOWS\AmvTransform.ini
[2006/09/30 12:57:31 | 00,007,763 | R--- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2006/09/30 12:57:31 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/09/30 12:57:31 | 00,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/09/30 12:57:31 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/09/13 21:55:52 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dvd.bmk
[2006/08/24 23:22:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2006/08/23 10:27:01 | 00,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/06/27 09:48:59 | 00,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/13 11:35:35 | 00,000,456 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/13 11:35:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2006/06/13 11:34:42 | 00,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2006/05/30 18:07:45 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/05/30 08:12:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\gsp_sol.ini
[2006/05/30 08:10:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/05/25 13:49:34 | 00,210,944 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/25 10:40:59 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1119645446.sys
[2006/05/24 22:47:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/24 17:53:43 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\4654641911.sys
[2006/05/21 16:52:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/21 16:49:38 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/21 16:19:40 | 00,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/09 09:51:02 | 00,002,536 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/04/19 00:04:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/14 10:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/03 11:10:44 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/01 15:49:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 12:12:05 | 00,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:51:21 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/05/11 11:48:00 | 00,937,984 | ---- | C] () -- C:\WINDOWS\System32\libmysql5.dll

========== LOP Check ==========

[2009/11/09 22:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/05/24 17:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3C.tmp
[2009/02/14 14:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/02/13 00:24:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2010/01/02 18:00:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/02 18:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/09/27 12:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010/01/02 16:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/27 19:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/05/21 16:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/18 21:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/11 08:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/05/25 18:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2006/12/17 17:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/01/17 17:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++
[2009/07/17 17:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Forexyard
[2008/04/19 06:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/05/24 17:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/02/03 23:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2009/02/17 12:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/09/07 18:54:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2009/09/07 18:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/09/17 09:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Professional
[2009/03/03 14:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ReaSoft
[2009/03/16 21:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stata10
[2006/09/27 12:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teleca
[2007/12/02 22:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/12/27 19:44:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2009/12/29 08:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2006/09/18 19:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yellow Kid
[2006/06/06 17:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YellowKidAA
[2010/01/17 18:55:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/01/15 01:00:02 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:18 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2002/07/11 03:24:50 | 00,139,264 | R--- | M] (C-Media Electronics Inc.) -- C:\CMUNINST.EXE
[1999/04/13 10:25:42 | 00,433,694 | R--- | M] (Hummingbird Communications Ltd.) -- C:\Manual.exe
[2003/03/20 06:21:00 | 01,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\MIXER.EXE
[1999/04/12 13:04:36 | 01,060,352 | R--- | M] () -- C:\SOLITAIR.EXE
[2005/10/31 15:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[1997/10/02 21:57:48 | 00,141,071 | ---- | M] () -- C:\unstall.exe


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras:

OTL Extras logfile created on: 17/01/2010 18:59:44 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\My Documents\Charlie's\Software
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 18.32 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.09 Gb Total Space | 151.79 Gb Free Space | 50.92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++ -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Owner\My Documents\Charlie's\Software\utorrent.exe" = C:\Documents and Settings\Owner\My Documents\Charlie's\Software\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{105D3B41-2F2F-335A-C309-C859A0F4CBE8}" = FX AccuCharts
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3D2008B2-9C81-4122-BE3F-688B55FA55C5}" = Microsoft Report Viewer Redistributable 2005
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXDD - MetaTrader 4.00
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7689CA7A-1270-425A-9959-EB4CB25EA29A}" = Sony Ericsson PC Suite 1.20.224
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 3.57
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2BCF7AF-384B-49CD-B331-880FB0DE4B55}" = Global Trading System Pro
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E981DF7F-38B6-4EBD-8A04-60FB4DE93141}" = LG Media Center
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BroadJump Client Foundation" = BroadJump Client Foundation
"Collab" = Collab
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DC++" = DC++ 0.750
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DellSupport" = Dell Support 5.0.0 (630)
"Ease Audio Converter_is1" = Ease Audio Converter 3.70
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 8" = FL Studio 8
"FOREXYARD" = FOREXYARD (remove only)
"FXCM Trading Station" = FXCM Trading Station
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"IrfanView" = IrfanView (remove only)
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstaller
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microfit for Windows" = Microfit for Windows
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = PaltalkScene
"ParadiseCasino - English" = ParadiseCasino - English
"PCI Audio Driver" = PCI Audio Driver
"PoiZone" = PoiZone
"PokerRoom.com" = PokerRoom.com (remove only)
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PROSet" = Intel® PRO Network Connections Drivers
"ReaJPEG Pro_is1" = ReaJPEG Pro 3.9
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Skype_is1" = Skype 3.1
"SopCast" = SopCast 3.0.1
"Spyware Doctor" = Spyware Doctor 6.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Texas Holdem Hand Calculator" = Texas Holdem Hand Calculator
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"TOPGUN AWS eSignal" = TOPGUN AWS eSignal
"Toxic Biohazard" = Toxic Biohazard
"Universal Document Converter_is1" = Universal Document Converter
"Update Service" = Update Service
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6a
"William Hill Poker" = William Hill Poker
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 2.0.0.127

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/01/2010 14:07:03 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 17/01/2010 14:07:03 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:03 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:03 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:03 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:03 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:04 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 17/01/2010 14:07:05 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:05 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 17/01/2010 14:07:05 | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 17/01/2010 13:54:49 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Sony Ericsson OMSI download service service terminated unexpectedly.
It has done this 1 time(s).

Error - 17/01/2010 14:03:23 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 17/01/2010 14:03:23 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%2

Error - 17/01/2010 14:03:23 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 17/01/2010 14:03:23 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 17/01/2010 14:03:48 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Sony Ericsson OMSI download service service terminated unexpectedly.
It has done this 1 time(s).

Error - 17/01/2010 14:14:53 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 17/01/2010 14:14:53 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%2

Error - 17/01/2010 14:14:53 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 17/01/2010 14:16:10 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

Thanks, I really appreciate your help. The IE errors have stopped popping up!

#5
Cruise475

    Trusted Helper

  • Member
  • 1,348 posts
Hello cobra kane,

While P2P File Sharing Programs are not illegal to use, the files that you download are frequently bundled with spyware, malware, and viruses. I recommend that you remove these programs in order to help protect your computer against further infections.


I noticed that your computer does not have the Recovery Console installed. If ComboFix asks you to install it, please do. It is a very good tool to keep on your computer in the event something goes wrong with it.


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\1119645446.sys
c:\windows\system32\4654641911.sys
C:\SOLITAIR.EXE

Folder::
c:\program files\Seekmo
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SeekmoOE"=-
"SeekmoSA"=-

DirLook::
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

RegLockDel::
[HKEY_USERS\S-1-5-21-360771785-396281009-1872380415-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80C1CBE4-0647-8787-774F-B3D6B1F11B55}*]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply, as well as a fresh OTL scan and an update on how your computer is running.

Thanks
Cruise

#6
cobra kane

    New Member

  • Topic Starter
  • Member
  • 9 posts
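The CFScript above is a small plain-text format: each `Name::` header opens a section, and the lines under it are the targets ComboFix acts on. Before handing such a script to ComboFix, a helper normally reads every target back against the logs. The following is an added example, not code from this thread or from ComboFix: a parser for that layout plus a review pass over the parsed sections. The script from the post is embedded as constructed sample input; the `.reg`-style reading of the `Registry::` lines (`[key]` selects a key, `[-key]` deletes it, `"name"=-` deletes a value) and the review rules themselves (`PROTECTED_ROOTS`, the driver check) are assumptions of this example, not ComboFix's documented behaviour.

```python
"""Parse and review a ComboFix CFScript.txt before it is run.

Added example (not from the Geeks to Go thread or from ComboFix). The
review rules below are ours; ComboFix applies its own logic.
"""
import re
from collections import OrderedDict

# Constructed sample: the script from the helper's post, reproduced verbatim.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\1119645446.sys
c:\windows\system32\4654641911.sys
C:\SOLITAIR.EXE

Folder::
c:\program files\Seekmo
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SeekmoOE"=-
"SeekmoSA"=-

DirLook::
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

RegLockDel::
[HKEY_USERS\S-1-5-21-360771785-396281009-1872380415-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80C1CBE4-0647-8787-774F-B3D6B1F11B55}*]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Roots that a File:: or Folder:: entry must never name outright (assumed rule).
PROTECTED_ROOTS = {"c:", "c:\\windows", "c:\\windows\\system32",
                   "c:\\program files", "c:\\documents and settings"}


def parse_cfscript(text):
    """Split a CFScript into an ordered {section: [lines]} mapping.
    Blank lines only separate sections visually and are dropped."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def parse_registry_section(lines):
    """Read Registry:: lines with .reg-file semantics (assumed):
    [key] selects a key, [-key] deletes it, "name"=- deletes a value,
    "name"=<data> sets a value. Returns (action, key, value_name) tuples."""
    ops, key = [], None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":
                ops.append(("delete_key", key, None))
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.groups()
            ops.append(("delete_value" if data == "-" else "set_value", key, name))
            continue
        raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return ops


def review_cfscript(text):
    """Return (severity, message) findings a helper should read before
    dragging the script onto ComboFix. Severities: error, review, info."""
    sections = parse_cfscript(text)
    findings = []
    for sec in ("File", "Folder"):
        for path in sections.get(sec, []):
            low = path.lower().rstrip("\\")
            if not re.match(r"^[a-z]:\\", low):
                findings.append(("error", f"{sec}:: entry is not an absolute path: {path}"))
            elif low in PROTECTED_ROOTS:
                findings.append(("error", f"{sec}:: entry names a protected root: {path}"))
            elif sec == "File" and low.startswith("c:\\windows\\system32\\") and low.endswith(".sys"):
                # Deleting a driver file is irreversible without a backup; confirm
                # it is not a legitimate driver before running the script.
                findings.append(("review", f"driver deletion in system32: {path}"))
    for action, key, name in parse_registry_section(sections.get("Registry", [])):
        if action == "delete_value" and key.lower().endswith("\\currentversion\\run"):
            findings.append(("info", f"removes autostart value {name!r} from {key}"))
        elif action == "delete_key":
            findings.append(("review", f"deletes whole key {key}"))
    for key in sections.get("RegLockDel", []):
        findings.append(("review", f"forced deletion of locked key {key}"))
    return findings


if __name__ == "__main__":
    for severity, message in review_cfscript(SAMPLE_CFSCRIPT):
        print(f"[{severity}] {message}")
```

Run against the sample, the review reports the two numeric-named `.sys` files in `system32` and the locked shell-extension key for a second look, and notes the two Seekmo autostart values being removed; nothing rises to `error` because every path is absolute and none names a protected root.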
CFix:

ComboFix 10-01-16.04 - Owner 18/01/2010 0:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.542 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\SOLITAIR.EXE"
"c:\windows\system32\1119645446.sys"
"c:\windows\system32\4654641911.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxInstallLog.txt
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspiWDM.sys
C:\SOLITAIR.EXE
c:\windows\system32\1119645446.sys
c:\windows\system32\4654641911.sys

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-17 20:50 . 2010-01-17 20:50 -------- d-----w- c:\documents and settings\Owner\Application Data\webex
2010-01-02 22:37 . 2010-01-02 22:37 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-02 22:37 . 2010-01-02 22:37 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-02 18:00 . 2010-01-02 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-02 17:59 . 2010-01-02 17:59 -------- d-----w- c:\program files\Common Files\iS3
2010-01-02 17:59 . 2010-01-02 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-02 15:28 . 2010-01-02 15:28 -------- d-----w- c:\program files\ERUNT
2009-12-31 16:24 . 2009-12-31 16:24 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-31 16:24 . 2009-12-31 16:24 -------- d-----w- c:\program files\trendmicro
2009-12-20 02:13 . 2009-12-20 02:13 27852 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-19 16:02 . 2009-12-19 16:02 -------- d-----w- c:\program files\LizardTech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 23:58 . 2009-11-23 21:18 -------- d-----w- c:\documents and settings\Owner\Application Data\DC++
2010-01-17 19:09 . 2009-09-18 11:45 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2010-01-17 13:55 . 2008-06-01 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-17 03:07 . 2009-02-13 00:09 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2010-01-11 18:49 . 2009-02-16 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 16:07 . 2009-02-16 13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-02-16 13:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 22:37 . 2006-05-21 16:37 -------- d-----w- c:\program files\Java
2010-01-02 17:48 . 2006-08-24 23:22 -------- d-----w- c:\program files\WS_FTP Pro
2010-01-02 16:47 . 2006-05-21 16:49 -------- d-----w- c:\program files\McAfee
2010-01-02 16:47 . 2006-05-21 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-02 16:36 . 2009-02-16 11:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 08:32 . 2007-03-29 16:46 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-12-19 16:02 . 2006-06-25 18:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 16:01 . 2006-05-21 16:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-18 21:49 . 2006-06-25 18:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-18 21:23 . 2009-03-18 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-18 21:11 . 2009-12-18 21:09 -------- d-----w- c:\program files\iTunes
2009-12-18 21:09 . 2006-06-25 18:06 -------- d-----w- c:\program files\iPod
2009-12-18 21:09 . 2009-05-11 08:53 -------- d-----w- c:\program files\Common Files\Apple
2009-12-18 21:07 . 2009-12-18 21:06 -------- d-----w- c:\program files\QuickTime
2009-12-18 20:59 . 2009-12-18 20:59 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-06 17:29 . 2009-12-06 17:28 -------- d-----w- c:\program files\Mfit4Win
2009-11-24 01:04 . 2006-05-25 19:37 -------- d-----w- c:\program files\LimeWire
2009-11-24 01:04 . 2007-12-26 11:47 -------- d-----w- c:\program files\Lame MP3 Codec
2009-11-24 01:04 . 2009-09-12 10:16 -------- d-----w- c:\program files\FXDD - MetaTrader 4
2009-11-24 01:04 . 2006-05-27 17:15 -------- d-----w- c:\program files\DivX
2009-11-24 01:04 . 2007-09-25 13:37 -------- d-----w- c:\program files\speaktext
2009-11-24 01:04 . 2006-12-01 14:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-24 01:04 . 2007-09-24 17:51 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-24 01:03 . 2009-09-07 18:55 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-24 01:03 . 2006-05-21 16:42 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 21:18 . 2009-11-20 17:53 -------- d-----w- c:\program files\DC++
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} ----

2009-12-18 21:11 . 2009-12-18 21:11 3654 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxInstallLog.txt
2009-06-03 10:32 . 2009-06-03 10:32 7994 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\gearaspiwdmx86.cat
2009-05-18 14:48 . 2009-05-18 14:48 2763 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\GEARAspiWDM.inf
2009-05-18 14:17 . 2009-05-18 14:17 26600 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspiWDM.sys
2009-02-04 14:56 . 2009-02-04 14:56 75112 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
2008-04-17 13:12 . 2008-04-17 13:12 107368 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86\GEARAspi.dll
2006-11-02 07:21 . 2006-11-02 07:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DIFxAPI.dll


((((((((((((((((((((((((((((( SnapShot@2010-01-17_18.15.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-17 22:31 . 2010-01-17 22:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-05-24 16:45 . 2010-01-17 18:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-05-24 16:45 . 2010-01-17 22:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-05-24 16:45 . 2010-01-17 18:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-17 22:31 . 2010-01-17 22:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-17 20:49 . 2010-01-17 20:49 49152 c:\windows\Downloaded Program Files\WebEx\924\wbxtrace.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 65536 c:\windows\Downloaded Program Files\WebEx\924\wbxcrypt.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 45125 c:\windows\Downloaded Program Files\WebEx\924\raurl.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 69632 c:\windows\Downloaded Program Files\WebEx\924\mticket.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 86016 c:\windows\Downloaded Program Files\WebEx\924\hybridaudio.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 98304 c:\windows\Downloaded Program Files\WebEx\924\atplayim.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 48201 c:\windows\Downloaded Program Files\WebEx\924\atpack.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 65536 c:\windows\Downloaded Program Files\WebEx\924\atnetext.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 24576 c:\windows\Downloaded Program Files\WebEx\924\atmemmgr.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 81408 c:\windows\Downloaded Program Files\WebEx\924\atjpeg60.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 45056 c:\windows\Downloaded Program Files\WebEx\924\atdocvu.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 18432 c:\windows\Downloaded Program Files\WebEx\924\atconc.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 53248 c:\windows\Downloaded Program Files\WebEx\924\atcarmcl.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 32648 c:\windows\Downloaded Program Files\WebEx\924\atasanot.exe
+ 2009-12-17 20:21 . 2009-12-17 20:21 99208 c:\windows\Downloaded Program Files\ieatgpc.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 46392 c:\windows\Downloaded Program Files\atmccli.dll
+ 2010-01-17 20:44 . 2010-01-17 20:44 28472 c:\windows\Downloaded Program Files\atgpcdec.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 5706 c:\windows\Downloaded Program Files\WebEx\924\atkbctl.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 165176 c:\windows\Downloaded Program Files\WebEx\924\wbxreport.exe
+ 2010-01-17 20:49 . 2010-01-17 20:49 163840 c:\windows\Downloaded Program Files\WebEx\924\uilibres.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 528384 c:\windows\Downloaded Program Files\WebEx\924\mvc.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 622592 c:\windows\Downloaded Program Files\WebEx\924\mutiltpd.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 221184 c:\windows\Downloaded Program Files\WebEx\924\msess.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 548864 c:\windows\Downloaded Program Files\WebEx\924\mmssl32.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 421888 c:\windows\Downloaded Program Files\WebEx\924\mcres.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 221184 c:\windows\Downloaded Program Files\WebEx\924\h264enc.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 274432 c:\windows\Downloaded Program Files\WebEx\924\h264dec.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 122880 c:\windows\Downloaded Program Files\WebEx\924\flvstrm.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 454656 c:\windows\Downloaded Program Files\WebEx\924\atwbxui7.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 111928 c:\windows\Downloaded Program Files\WebEx\924\atucfobj.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 278528 c:\windows\Downloaded Program Files\WebEx\924\attp.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 372736 c:\windows\Downloaded Program Files\WebEx\924\atpollk2.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 135168 c:\windows\Downloaded Program Files\WebEx\924\atpng12.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 147968 c:\windows\Downloaded Program Files\WebEx\924\atnote.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 323584 c:\windows\Downloaded Program Files\WebEx\924\atlchat.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 150091 c:\windows\Downloaded Program Files\WebEx\924\atdl2006.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 114764 c:\windows\Downloaded Program Files\WebEx\924\atasuicom.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 101256 c:\windows\Downloaded Program Files\WebEx\924\atasnt40.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 388488 c:\windows\Downloaded Program Files\WebEx\924\atasctrl.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 115273 c:\windows\Downloaded Program Files\WebEx\924\atas32.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 364544 c:\windows\Downloaded Program Files\WebEx\924\atarm.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 103736 c:\windows\Downloaded Program Files\atmgr.exe
+ 2010-01-17 20:44 . 2010-01-17 20:44 185224 c:\windows\Downloaded Program Files\atgpcext.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 324920 c:\windows\Downloaded Program Files\atcliun.exe
+ 2010-01-17 20:49 . 2010-01-17 20:49 2262328 c:\windows\Downloaded Program Files\WebEx\924\webexmgr.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 3293184 c:\windows\Downloaded Program Files\WebEx\924\pfwres.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 3047424 c:\windows\Downloaded Program Files\WebEx\924\atres.dll
+ 2010-01-17 20:49 . 2010-01-17 20:49 2207744 c:\windows\Downloaded Program Files\WebEx\924\atpdmod.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-30 11536384]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-15 16:30 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-01 00:28 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SeekmoOE"=c:\program files\Seekmo\bin\10.0.370.0\OEAddOn.exe
"SeekmoSA"="c:\program files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
"SiteAdvisor"=c:\program files\SiteAdvisor\6253\SiteAdv.exe
"DLCCCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Charlie's\\Software\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [09/11/2009 22:03 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [09/11/2009 22:00 90112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/02/2009 11:50 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-01-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-01 11:43]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-15 16:30]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-15 16:30]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-16 12:22]

2009-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-16 12:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6p50or2y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npdjvu.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 00:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-360771785-396281009-1872380415-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80C1CBE4-0647-8787-774F-B3D6B1F11B55}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialjmhodmdgfijfcnj"=hex:69,61,63,63,66,65,6b,62,64,69,6a,61,6a,70,68,64,6f,67,
00,00
"habkcmjeifoeefej"=hex:69,61,63,63,66,65,6b,62,64,69,6a,61,6a,70,68,64,6f,67,
00,00
.
Completion time: 2010-01-18 00:11:19
ComboFix-quarantined-files.txt 2010-01-18 00:11
ComboFix2.txt 2010-01-17 18:22

Pre-Run: 14,804,082,688 bytes free
Post-Run: 14,786,842,624 bytes free

- - End Of File - - D63F37FBB90EFA07F9EA2A8FF9720F06

OTL logfile created on: 18/01/2010 00:14:47 - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\My Documents\Charlie's\Software
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 469.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 13.79 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.09 Gb Total Space | 149.89 Gb Free Space | 50.28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/17 18:42:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Charlie's\Software\OTL.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 00,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/24 14:41:58 | 00,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/30 04:36:11 | 11,536,384 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/01 00:28:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/11/06 00:50:44 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2007/10/19 19:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 19:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 19:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/10/17 12:04:40 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2005/10/14 19:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/10/14 19:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/07/22 19:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 20:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2004/08/04 04:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003/05/12 14:02:32 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/05/12 14:02:32 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/05/12 14:02:26 | 00,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
PRC - [2003/05/12 14:02:26 | 00,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
PRC - [2003/03/20 06:21:00 | 01,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 18:42:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Charlie's\Software\OTL.exe
MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/30 12:23:26 | 00,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/26 11:43:23 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/06/21 20:19:38 | 00,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/05/12 14:02:32 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 2\components [2010/01/02 17:33:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 2\plugins [2010/01/02 17:33:08 | 00,000,000 | ---D | M]

[2009/02/13 00:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/13 00:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6p50or2y.default\extensions

O1 HOSTS File: ([2010/01/17 18:14:54 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1196526915968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.243.46.113 128.243.42.59
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 11:52:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/17 23:59:27 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/17 20:50:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\webex
[2010/01/17 17:52:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/17 17:52:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/17 17:52:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/17 17:52:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/17 17:39:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/13 09:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/19 14:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/25 11:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/12/01 14:36:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/08/29 08:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/08/29 08:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/08/29 08:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/13 11:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Gtek
[2004/08/10 12:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 11:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/18 00:11:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/18 00:09:20 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/17 23:55:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/01/17 23:52:31 | 00,227,328 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 23:40:03 | 00,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003UA.job
[2010/01/17 21:09:10 | 00,013,035 | ---- | M] () -- C:\Documents and Settings\Owner\_varbasic.irf
[2010/01/17 18:17:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/17 18:14:54 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/17 18:14:52 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/17 18:14:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/17 18:14:35 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/17 18:13:40 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/17 18:13:40 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/17 17:35:10 | 03,827,754 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/01/17 11:04:16 | 00,000,285 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Iomega HDD (E).lnk
[2010/01/16 05:29:59 | 04,279,908 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/15 13:05:11 | 00,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-360771785-396281009-1872380415-1003Core.job
[2010/01/15 01:00:02 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 14:27:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/12 20:13:38 | 00,122,152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\otlv4_h.zip
[2010/01/12 20:12:22 | 00,520,201 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/11 19:57:50 | 00,000,709 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/11 18:09:28 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 20:25:19 | 00,013,035 | ---- | C] () -- C:\Documents and Settings\Owner\_varbasic.irf
[2010/01/17 17:52:11 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 17:52:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/17 17:52:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/17 17:52:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 17:52:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/17 17:35:10 | 03,827,754 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/01/17 11:04:16 | 00,000,285 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Iomega HDD (E).lnk
[2010/01/12 20:13:45 | 00,819,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\otlv4.h
[2010/01/12 20:13:38 | 00,122,152 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\otlv4_h.zip
[2010/01/12 20:12:20 | 00,520,201 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/31 15:08:00 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/06 17:29:05 | 00,000,160 | ---- | C] () -- C:\WINDOWS\Microfit.ini
[2009/09/18 11:20:00 | 00,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/07 19:08:59 | 00,006,164 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PrimoPDFSet.xml
[2009/09/07 18:50:11 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/27 04:13:36 | 00,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/07/25 11:14:03 | 00,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008/07/25 11:06:21 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/07/25 11:02:37 | 00,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2008/07/25 11:02:28 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/07/25 11:02:28 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/10/24 11:10:58 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/10/24 11:10:58 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/10/24 11:10:58 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/10/24 11:10:58 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/10/24 11:10:58 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/09/25 13:38:00 | 00,007,168 | ---- | C] () -- C:\WINDOWS\speaktext32.dll
[2007/02/27 20:18:41 | 00,001,870 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/02 20:39:56 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2007/01/02 20:39:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2007/01/02 20:39:55 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2007/01/02 20:39:54 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2007/01/02 20:39:53 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2007/01/02 20:39:53 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2007/01/02 20:39:53 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2007/01/02 20:39:53 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2007/01/02 20:39:52 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2007/01/02 20:39:52 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2007/01/02 20:39:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2007/01/02 20:39:51 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2007/01/02 20:39:49 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2007/01/02 20:39:49 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2007/01/02 20:39:49 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2007/01/02 20:39:46 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2007/01/02 20:39:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2007/01/02 20:39:45 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2007/01/02 20:39:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/12/27 19:37:20 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/30 12:57:31 | 00,008,802 | R--- | C] () -- C:\WINDOWS\AmvTransform.ini
[2006/09/30 12:57:31 | 00,007,763 | R--- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2006/09/30 12:57:31 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/09/30 12:57:31 | 00,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/09/30 12:57:31 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/09/13 21:55:52 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dvd.bmk
[2006/08/24 23:22:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2006/08/23 10:27:01 | 00,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/06/27 09:48:59 | 00,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/13 11:35:35 | 00,000,456 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/06/13 11:35:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2006/06/13 11:34:42 | 00,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2006/05/30 18:07:45 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/05/30 08:12:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\gsp_sol.ini
[2006/05/30 08:10:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/05/25 13:49:34 | 00,227,328 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 22:47:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/21 16:52:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/21 16:49:38 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/21 16:19:40 | 00,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/09 09:51:02 | 00,002,536 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/04/19 00:04:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/04/14 10:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/03 11:10:44 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/01 15:49:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 12:12:05 | 00,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:51:21 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/05/11 11:48:00 | 00,937,984 | ---- | C] () -- C:\WINDOWS\System32\libmysql5.dll

========== LOP Check ==========

[2009/11/09 22:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/05/24 17:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3C.tmp
[2009/02/14 14:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/02/13 00:24:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2010/01/02 18:00:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/02 18:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/09/27 12:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010/01/02 16:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/27 19:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/05/21 16:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/11 08:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/05/25 18:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2006/12/17 17:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/01/17 23:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DC++
[2009/07/17 17:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Forexyard
[2008/04/19 06:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2006/05/24 17:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/02/03 23:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Microgaming
[2009/02/17 12:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/09/07 18:54:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2009/09/07 18:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2009/09/17 09:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Professional
[2009/03/03 14:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ReaSoft
[2009/03/16 21:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stata10
[2006/09/27 12:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teleca
[2007/12/02 22:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/12/27 19:44:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2009/12/29 08:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/01/17 20:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
[2006/09/18 19:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yellow Kid
[2006/06/06 17:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YellowKidAA
[2010/01/17 23:55:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/01/15 01:00:02 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:18 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2002/07/11 03:24:50 | 00,139,264 | R--- | M] (C-Media Electronics Inc.) -- C:\CMUNINST.EXE
[1999/04/13 10:25:42 | 00,433,694 | R--- | M] (Hummingbird Communications Ltd.) -- C:\Manual.exe
[2003/03/20 06:21:00 | 01,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\MIXER.EXE
[2005/10/31 15:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[1997/10/02 21:57:48 | 00,141,071 | ---- | M] () -- C:\unstall.exe


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Everything is running much better and I haven't noticed any more problems since the ComboFix.
  • 0
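The OTL log above is what the helper reads: the "MD5 for:" blocks list every copy of a critical driver with its hash so a modified copy stands out, and the "Files Created - No Company Name" block lists recent unsigned drops. The script below is an added example (not part of the thread or of OTL) that parses that line format and performs both checks; the sample log is constructed from lines quoted in the log plus one invented atapi.sys copy given an all-zero placeholder hash so the mismatch check fires.

```python
import re
from collections import defaultdict
from datetime import datetime

# One OTL file entry line, as in the log above:
# [date time | size | attrs | M/C] (company)[ .cab file][ MD5=hex] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\)"
    r"(?: \.cab file)?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Constructed sample: lines quoted from the thread's log, plus one extra copy of
# atapi.sys given a placeholder all-zero MD5 here so the mismatch check fires.
SAMPLE_LOG = r"""========== Files Created - No Company Name ==========

[2010/01/17 17:52:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2006/06/27 09:48:59 | 00,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
"""


def parse_entry(line):
    """Return a dict for one OTL file entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["date"] = datetime.strptime(d["date"], "%Y/%m/%d %H:%M:%S")
    d["md5"] = d["md5"].upper() if d["md5"] else None
    return d


def md5_groups(log_text):
    """Map each '< MD5 for: NAME >' block to the set of MD5s of its copies (.cab lines have none)."""
    groups = defaultdict(set)
    current = None
    for raw in log_text.splitlines():
        s = raw.strip()
        if s.startswith("<") or s.startswith("="):
            h = MD5_HEADER_RE.match(s)
            current = h.group("name").upper() if h else None
            continue
        e = parse_entry(s)
        if current and e and e["md5"]:
            groups[current].add(e["md5"])
    return dict(groups)


def divergent_files(log_text):
    """Names whose listed copies do not all share a single MD5."""
    return sorted(n for n, hs in md5_groups(log_text).items() if len(hs) > 1)


def recent_no_company(log_text, since):
    """Paths under 'Files Created - No Company Name' dated on/after since (YYYY/MM/DD)."""
    cutoff = datetime.strptime(since, "%Y/%m/%d")
    hits, in_section = [], False
    for raw in log_text.splitlines():
        sec = SECTION_RE.match(raw.strip())
        if sec:
            in_section = sec.group("name") == "Files Created - No Company Name"
            continue
        e = parse_entry(raw)
        if in_section and e and e["date"] >= cutoff:
            hits.append(e["path"])
    return hits
```

A group with more than one hash is the case a helper would look at first; a single hash across the .cab, dllcache and drivers copies (as in the real log above) is the expected clean result.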

#7
Cruise475

    Trusted Helper

  • Member
  • 1,348 posts
Hello cobra kane,

Glad to hear everything is running well. A few more things to do though :) We have a lot to do in these next steps, so you may want to print these out for reference.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SeekmoOE"=-
    "SeekmoSA"=-
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Next

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
You are looking for JRE 6 Update 18

Next

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In the next post I would like to see

  • OTL Log
  • MBAM Log
  • Kaspersky Log


Thanks
Cruise
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0