My antivirus doesn't work


This topic is locked.

#16 azarl (GeekU Admin, Administrator, 25,265 posts)

WOW! :) That's great.. Oh please, I'd really be grateful.

I'm ready for anything but I hope this works. Does this apply to all kinds of files or just JPGs?


I can't guarantee it will work at all, but I have had success with this method in the past. There's also a risk - your machine may not boot after we've done this, so you need to decide whether the risk is worth it.

OK. As I said, Sality is highly infectious, so to move forward we need a clean PC to download the removal tools to, and a clean USB memory stick to transfer them to the infected machine.

Notes:
Please read through these instructions a few times until you are confident what to do before starting them. It is vital that these steps are performed in the correct order and exactly as posted. I suggest that you print off this post for reference before proceeding.

In step 5 you will be asked to temporarily disable any security programs you are running (Anti-virus and Spyware). Click here for details

++++++++++ oOo +++++++++


Steps 1 & 2 are performed on the clean machine.

» Step 1 Securing the USB/Flash device «
Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
» Step 2 Download the tools we need «
Even if you already have any of the following, please download them again, as your versions may be infected
Note: All of these tools require renaming before you copy them to the infected machine
  • Download SalityKiller.zip, unzip it, rename SalityKiller.exe to SK.com and save it to your USB disk
  • Download Combofix.exe, rename ComboFix.exe to SvcHost.com and save it to your USB disk
  • Download drweb-cureit.exe, rename drweb-cureit.exe to DrW.com and save it to your USB disk

The next steps are performed on your infected machine

» Step 3 Transfer the tools to the infected machine «
  • Copy SK.com to your C:\ drive on the infected machine
  • Copy SvcHost.com to your desktop on the infected machine
  • Copy DrW.com to your desktop on the infected machine

» Step 4 Run SalityKiller «
On the infected machine:
  • Click Start > Run
  • Type in: c:\SK.com -a -j -k -l c:\SKLog.txt and press enter
  • A black screen will appear as the scan starts
  • Once complete, Press any key to continue.
  • Locate SKreport.log in C:\. Please post the contents of SKreport.log in your next reply after you've run the remaining steps.

» Step 5 Run ComboFix «
Browse to your desktop where you placed a copy of Combofix (SvcHost.com).
  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on SvcHost.com & follow the prompts.
  • As part of its process, ComboFix may check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
    When finished, it may ask for a reboot. Please do so if requested.
    It shall produce a log for you. Please include the C:\ComboFix.txt in your next reply after you've run the remaining steps.

» Step 6 Run Dr Web «
  • Double-click DrWeb.com, click on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan
  • Once the short scan has finished, choose the Complete Scan
  • Select all drives. A red dot shows which drives have been chosen
  • Click the green arrow at the right, and the scan will start
  • Click Yes to all if it asks if you want to cure/move the file
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv. Open it, copy the contents and post it on your next reply. If you can't open it, rename it to Drweb.txt
  • If asked to reboot, please do so. This will allow DrWebCureIT! to move/delete files that were in use

» Finally... «
Please let me know how you got on in your next reply and post all the logs
  • SalityKiller log - SKLog.log
  • Combofix log - Combofix.txt
  • DrWeb log - DrwWeb.csv/DrWeb.txt



#17 BonbonRose (Member, Topic Starter, 73 posts)

There's also a risk - your machine may not boot after we've done this, so you need to decide whether the risk is worth it

Anyway I'm going to reformat the computer or at least reinstall Windows, right! So, it's better to try everything I can do to save my stuff.
In this case, I better finish my backing-up quickly to be able to move on to these steps

OK. As I said, Sality is highly infectious, so to move forward we need a clean PC to download the removal tools to, and a clean USB memory stick to transfer them to the infected machine.

Will there be any risk to this clean computer?

#18 azarl (GeekU Admin, Administrator, 25,265 posts)

Will there be any risk to this clean computer?


Use a clean USB stick on a clean computer for this:

1 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


#19 Dakeyras (Anti-Malware Mammoth, Expert, 9,714 posts)

My personal thanks to azarl for the cover...

--------------

BonbonRose, do you still require assistance? If so follow the prior instructions my colleague outlined when ready, thank you.

#20 Dakeyras (Anti-Malware Mammoth, Expert, 9,714 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#21 BonbonRose (Member, Topic Starter, 73 posts)

Hi guys, it's been a long time since last time.. I thought I was going to die before finishing things on the computer.

Anyway, I only managed to run SK.com and here's the log:

19:22:12:968 1764 scanning threads ...
19:22:20:328 1764
19:22:20:328 1764 scanning processes ...
19:22:20:921 1764
19:22:20:921 1764 removing autorun.inf files ...
19:22:21:015 1764
19:22:21:015 1764 Disabling autorun on all drive types
19:22:21:015 2480
Monitoring thread started
19:22:21:031 1764
19:22:21:031 1764 restoring SafeBoot registry node
19:22:21:031 1764 Restoring safe/network boot registry branches for windows XP
19:22:21:421 1764
19:22:21:421 1764 fixing registry ...
19:22:21:421 1764 SalityRegCure: Restoring general registry keys
19:22:21:531 1764 SalityRegCure: Fixing system.ini
19:22:21:531 1764
19:22:21:531 1764 scanning drives ...
19:22:21:531 1764 scanning C:\ ...
19:35:48:625 1764 scanning D:\ ...
19:39:04:578 1764 scanning E:\ ...
19:41:22:125 1764 scanning F:\ ...
19:41:36:953 1764 scanning G:\ ...
19:42:40:593 1764
19:42:40:593 2480
Monitoring thread stopped
19:42:40:593 1764
completed
19:42:40:593 1764 Infected files: 0
19:42:40:593 1764 Infected processes: 0
19:42:40:593 1764 Infected threads: 0
19:42:40:593 1764 Cured files: 0
19:42:40:593 1764 Will be cured on reboot: 0
19:42:40:593 1764 Executed registry scripts: 8


I can't finish the ComboFix scan because it's asking for the Windows Recovery Console and I don't have it, and I don't have an internet connection to let ComboFix get it. I tried something I found about creating an independent bootable CD but it didn't work - I don't know if it's ok to put a link to that page or not.


PS: If I read it right, the SK log says I'm not infected; also, just today I managed to open Windows in safe mode, which normally wouldn't happen.. Does this mean I got rid of Sality or what? And what about my internet connection, I can't log onto the internet from my computer.

Edited by BonbonRose, 07 July 2011 - 05:40 PM.


#22 azarl (GeekU Admin, Administrator, 25,265 posts)


Hi

Sorry for the delay, my subscription to this topic had expired.

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

#23 BonbonRose (Member, Topic Starter, 73 posts)

Hi azarl,

Thanks for fixing the Combofix problem.. I finished all the steps and here are the logs:

I already posted SK log

Combofix log:

ComboFix 11-07-11.01 - aa 07/11/2011 14:14:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.503.214 [GMT 2:00]
Running from: c:\documents and settings\aa\Desktop\Combofix.exe
Command switches used :: c:\documents and settings\aa\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\aa\WINDOWS
c:\documents and settings\All Users\Application Data\yJKUKOsvnrbuJ.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\ST6UNST.000
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NDISFILESERVICES32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-02 19:08 . 2010-11-12 08:13 171344 -c----w- C:\SK.com
2011-06-23 22:18 . 2011-06-23 22:18 -------- dc----w- c:\windows\speech
2011-06-23 21:28 . 1996-11-05 14:19 247648 -c--a-w- c:\windows\UNINST16.EXE
2011-06-23 03:42 . 2011-06-23 03:42 -------- dc----w- c:\program files\Replay Converter
2011-06-23 03:40 . 2011-06-23 03:40 -------- dc----w- c:\documents and settings\aa\Local Settings\Application Data\{B734406A-61B5-4E1D-A964-81B07B93BB70}
2011-06-23 01:16 . 2011-06-23 01:16 -------- dc----w- c:\documents and settings\aa\Application Data\SumatraPDF
2011-06-21 03:33 . 2011-06-21 03:33 -------- dc----w- c:\program files\Photodex Presenter
2011-06-21 03:33 . 2011-06-21 03:33 -------- dc----w- c:\documents and settings\aa\Application Data\Netscape
2011-06-18 18:12 . 2011-06-18 18:12 -------- dcsh--w- c:\windows\ftpcache
2011-06-17 19:34 . 2011-06-17 19:34 -------- d-----w- C:\found.001
2011-06-12 22:43 . 2011-07-06 13:06 -------- dc----w- c:\documents and settings\aa\Application Data\dvdcss
2011-06-12 18:08 . 2011-06-12 22:29 -------- dc----w- c:\documents and settings\aa\Application Data\BitTorrent
2011-06-12 18:07 . 2011-06-12 18:07 -------- dc----w- c:\documents and settings\aa\Local Settings\Application Data\DNA
2011-06-12 18:07 . 2011-07-11 12:21 -------- dc----w- c:\documents and settings\aa\Application Data\DNA
2011-06-12 18:07 . 2011-06-12 18:07 -------- dc----w- c:\program files\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 14:29 . 2010-06-26 20:54 47104 -c--a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-06-12 289088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-29 113664]
.
[HKLM\~\startupfolder\C:^Documents and Settings^aa^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\VIA\RAID\VIA RAID TOOL.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlarmMe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5JMWNZTHI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fauuq
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poliy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 09:31 148776 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2011-06-12 18:07 289088 -c--a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2001-08-22 12:01 35840 -c--a-w- c:\windows\system32\TaskSwitch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
2006-10-05 14:17 53248 -c----w- c:\windows\Ctregrun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 05:17 163840 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 05:17 131072 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 08:19 451872 -c--a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 14:20 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 09:50 161064 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 05:16 135168 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2010-12-11 12:22 2584384 -c--a-w- c:\program files\RFA 8\rfagent32.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\JetAudio\\JetAudio.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\aa\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/25/2010 12:32 AM 13608]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/1/2005 11:26 PM 1275584]
S2 CachemanService;Cacheman Service;c:\program files\Cacheman\CachemanServ.exe --> c:\program files\Cacheman\CachemanServ.exe [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 8:28 AM 11336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 08:17 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]
.
2011-07-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS2&o=41648336&locale=en_US&apn_uid=E8882CD7-0663-40D5-B312-4294B8A53B98&apn_ptnrs=9H&apn_sauid=56CC7ED8-A7E6-48AE-8348-48C03DFD4EEA&apn_dtid=YYYYYYYYEG&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Categorize: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-PeachtreePrefetcher - (no file)
MSConfigStartUp-V0330Mon - (no file)
HKLM_ActiveSetup-{9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\PixiePack Codec Pack\InstallerHelper.exe
HKLM_ActiveSetup-{TY45T244-U7U6-4F4T-YBRJ-B56Y546VYE45V} - c:\nnitedn\LODGI\NintenD.exe
AddRemove-InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-11 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{50f43cec-e7a9-4ff1-9f66-9edc174040b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000141
"Therad"=dword:00000026
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,df,61,9e,85,e7,1f,1b,8d,83,e0,8b,c5,07,bb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,85,dd,9d,ca,84,bf,cb,f1,23,cf,1d,d6,65,c7,15,75,63,09,89,d1,
35,25,36,8b,a8,7b,4d,da,71,20,31,da,00,fd,db,7c,bb,8b,e8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,f4,16,82,0f,47,ef,ba,6c,46,1c,a0,bd,c5,e7,ed,1f,c7,b5,3b,73,
47,a0,74,f6,a3,54,f6,56,22,1c,2a,7f,47,22,aa,26,57,34,ee,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7e276be2-310d-4c68-94ea-2e3282b0edbb}]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(844)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\pvsw\bin\w3dbsmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-11 14:26:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-11 12:26
.
Pre-Run: 1,382,653,952 bytes free
Post-Run: 2,179,022,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A49F27C95FA4BAB1E2377173E1FEBA61


DrWeb log:

478c0513.qua;C:\Documents and Settings\All Users\Application Data\INFECTED;Container contains infected objects;Moved.;
478c05c7.qua;C:\Documents and Settings\All Users\Application Data\INFECTED;Container contains infected objects;Moved.;
478f3b6e.qua;C:\Documents and Settings\All Users\Application Data\INFECTED;Container contains infected objects;Moved.;
5f1b201c.qua;C:\Documents and Settings\All Users\Application Data\INFECTED;Container contains infected objects;Moved.;
5f1b20c8.qua;C:\Documents and Settings\All Users\Application Data\INFECTED;Container contains infected objects;Moved.;
vegas.movie.studio.hd.platinum.10.0-mpt.exe;E:\_FINISHED\vegas.movie.studio.hd.platinum.10.0-Mohsen6558;Tool.Patcher.65;Incurable.Moved.;
A0004430.exe;E:\System Volume Information\_restore{6CEE1A09-B74E-4FEA-B146-373275ED31C6}\RP4;Tool.Patcher.65;Incurable.Moved.;
478c0513.qua\data001;C:\Documents and Settings\All Users\Application Data\INFECTED\478c0513.qua;Win32.Sector.28682;;
478c05c7.qua\data001;C:\Documents and Settings\All Users\Application Data\INFECTED\478c05c7.qua;Win32.Sector.28682;;
478f3b6e.qua\data001;C:\Documents and Settings\All Users\Application Data\INFECTED\478f3b6e.qua;Win32.Sector.28682;;
5f1b201c.qua\data001;C:\Documents and Settings\All Users\Application Data\INFECTED\5f1b201c.qua;Win32.Sector.28682;;
5f1b20c8.qua\data001;C:\Documents and Settings\All Users\Application Data\INFECTED\5f1b20c8.qua;Win32.Sector.28682;;
jwgkvsq.vmx;J:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665;Win32.HLLW.Autoruner.5555;Deleted.;
yJKUKOsvnrbuJ.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data;Trojan.Fakealert.21460;Deleted.;
A0003413.exe;C:\System Volume Information\_restore{6CEE1A09-B74E-4FEA-B146-373275ED31C6}\RP4;Trojan.Fakealert.21460;Deleted.;


Anything missing?

#24
azarl

    GeekU Admin

  • Administrator
  • 25,265 posts
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    /md5start
    FFComm.dll
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

#25
BonbonRose

    Member

  • Topic Starter
  • Member
  • 73 posts
OTL.Txt

OTL logfile created on: 7/13/2011 8:15:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\aa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 220.27 Mb Available Physical Memory | 43.75% Memory free
1.44 Gb Paging File | 1.20 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.81 Gb Total Space | 1.87 Gb Free Space | 23.98% Space Free | Partition Type: NTFS
Drive D: | 35.15 Gb Total Space | 5.78 Gb Free Space | 16.44% Space Free | Partition Type: FAT32
Drive E: | 35.15 Gb Total Space | 11.47 Gb Free Space | 32.64% Space Free | Partition Type: FAT32
Drive F: | 35.15 Gb Total Space | 4.49 Gb Free Space | 12.79% Space Free | Partition Type: FAT32
Drive G: | 35.74 Gb Total Space | 12.09 Gb Free Space | 33.83% Space Free | Partition Type: FAT32
Drive J: | 3.82 Gb Total Space | 3.82 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: NOHA | User Name: aa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 19:17:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
PRC - [2011/06/12 20:07:52 | 000,289,088 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/05/03 16:33:43 | 000,013,608 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2008/04/14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/31 14:26:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
PRC - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 19:17:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand | Stopped] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Auto | Stopped] -- -- (CachemanService)
SRV - [2008/05/03 16:33:43 | 000,013,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)
SRV - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)


========== Driver Services (SafeList) ==========

DRV - [2010/02/09 19:15:40 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/12/18 08:28:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/08/26 07:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/02/28 16:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/01/19 13:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/10/23 17:25:12 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/08/31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005/08/31 10:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/07/29 16:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/12/06 15:25:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/10/21 12:56:08 | 001,275,584 | R--- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001/08/17 19:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/06/27 18:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 02:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 02:34:25 | 000,000,000 | ---D | M]

[2010/08/14 00:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Extensions
[2010/08/15 20:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\ms50yud0.the other profile\extensions
[2011/05/29 18:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions
[2011/05/23 23:52:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/11 01:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions\[email protected]
[2011/04/12 00:11:08 | 000,000,000 | ---D | M] (Categorize) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions\[email protected]
[2010/08/15 20:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\zb27ihgi.default\extensions
[2010/08/15 19:35:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\zb27ihgi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/29 18:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 12:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/04 11:59:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/10/19 16:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2007/08/29 23:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/04 11:59:47 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/11 14:22:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\aa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\aa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/01 23:09:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/03 18:49:58 | 000,000,000 | ---D | M] - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Desktop\New Folder
[2011/07/13 19:17:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
[2011/07/11 17:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\DoctorWeb
[2011/07/11 17:00:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 14:12:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/07 22:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Desktop\recovercd
[2011/07/07 20:56:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/07 20:56:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/07 20:56:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/07 20:56:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/07 16:36:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 16:36:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/07 16:36:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aa\Start Menu\Programs\Administrative Tools
[2011/07/02 21:08:12 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\SK.com
[2011/06/24 00:38:41 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2011/06/24 00:38:41 | 000,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2011/06/24 00:38:40 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2011/06/24 00:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/06/24 00:38:23 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/06/24 00:38:23 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011/06/24 00:38:23 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/06/24 00:38:22 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011/06/24 00:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2011/06/23 23:28:04 | 000,247,648 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\UNINST16.EXE
[2011/06/23 05:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Converter
[2011/06/23 05:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Local Settings\Application Data\{B734406A-61B5-4E1D-A964-81B07B93BB70}
[2011/06/23 03:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\My Documents\Downloaded Installations
[2011/06/23 03:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Application Data\SumatraPDF
[2011/06/21 05:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2011/06/21 05:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Application Data\Netscape
[2011/06/18 20:12:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/06/17 21:34:27 | 000,000,000 | ---D | C] -- C:\found.001
[2011/06/17 03:05:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/22 22:20:52 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\LAGARITH.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/13 20:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/13 19:17:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
[2011/07/13 18:53:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/13 18:53:17 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 14:16:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 14:22:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/11 14:12:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/06 18:02:30 | 000,232,960 | ---- | M] () -- C:\Documents and Settings\aa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 20:56:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/29 20:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 00:16:51 | 000,048,960 | ---- | M] () -- C:\WINDOWS\Aware40.mch
[2011/06/23 23:28:14 | 000,000,008 | ---- | M] () -- C:\WINDOWS\Q.TRD
[2011/06/23 23:23:35 | 000,000,270 | ---- | M] () -- C:\WINDOWS\mawrid.ini
[2011/06/23 22:52:54 | 001,658,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/22 02:24:01 | 000,077,217 | ---- | M] () -- C:\WINDOWS\Run32A50.mch
[2011/06/22 02:21:09 | 000,000,035 | ---- | M] () -- C:\WINDOWS\A5W.INI
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 14:12:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/11 14:12:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/07 20:56:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/07 20:56:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/07 20:56:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/07 20:56:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/07 20:56:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/24 00:38:41 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2011/06/24 00:38:41 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2011/06/24 00:38:41 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/06/24 00:38:40 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2011/06/24 00:38:40 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2011/06/24 00:38:40 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2011/06/24 00:38:23 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2011/06/24 00:38:22 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2011/06/24 00:38:22 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2011/06/24 00:16:51 | 000,048,960 | ---- | C] () -- C:\WINDOWS\Aware40.mch
[2011/06/23 23:24:47 | 000,000,008 | ---- | C] () -- C:\WINDOWS\Q.TRD
[2011/06/23 23:21:54 | 000,000,270 | ---- | C] () -- C:\WINDOWS\mawrid.ini
[2011/06/07 03:47:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/06/06 22:24:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI
[2011/02/02 20:01:57 | 000,150,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/23 02:21:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/10/23 02:18:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TOEFL.INI
[2010/08/15 15:26:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/06/28 13:18:51 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\aa\Application Data\bdfvconp.ini
[2010/06/26 23:18:45 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/06/26 23:00:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/06/26 23:00:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/02/23 11:06:28 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\aa\Application Data\mainhst.zgh
[2010/02/10 17:38:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 00:32:20 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2009/12/06 20:16:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/19 00:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/14 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 10:00:00 | 000,448,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 10:00:00 | 000,075,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/14 09:14:12 | 000,014,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2005/07/29 16:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/01/18 20:35:36 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\aa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/02 16:54:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/02 16:01:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/02 15:53:41 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/01/02 15:53:39 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/01/02 15:53:39 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/01/02 15:53:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/01/02 15:52:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/02 00:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/02 00:55:00 | 001,658,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/01 23:27:03 | 000,001,176 | R--- | C] () -- C:\WINDOWS\ImpTable.bin
[2005/01/01 23:26:55 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/01/01 23:26:55 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/01/01 23:13:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/01 23:06:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/08 08:00:22 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2001/08/22 14:01:34 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2001/08/22 11:15:36 | 000,255,488 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe

========== LOP Check ==========

[2005/01/02 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\ACD Systems
[2011/01/25 04:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\avidemux
[2011/01/25 04:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\avidemux6
[2011/06/13 00:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\BitTorrent
[2005/01/18 23:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\COWON
[2009/12/06 21:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\DMCache
[2011/07/13 20:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\DNA
[2011/06/24 00:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\GetRightToGo
[2010/06/28 14:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\IMVUClient
[2010/11/09 23:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\mkvtoolnix
[2010/03/18 18:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\MP3Rocket
[2011/06/21 05:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Netscape
[2010/02/25 04:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Nokia
[2011/01/16 02:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Pavtube
[2010/02/25 04:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\PC Suite
[2010/08/27 00:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Publish Providers
[2011/03/29 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Sony
[2011/02/09 03:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Sony Creative Software Inc
[2011/06/23 03:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\SumatraPDF
[2010/08/06 02:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\SystemRequirementsLab
[2011/01/17 02:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Thinstall
[2011/02/17 19:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Twan Wintjes
[2011/06/12 20:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\uTorrent
[2010/04/21 23:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Vivox
[2010/02/23 19:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\ZipGenius
[2010/01/25 00:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/06/28 14:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/03/30 05:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/09/04 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2011/07/11 18:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2010/02/25 04:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/12/06 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/03/15 01:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2010/02/25 04:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/06/17 02:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/03/15 02:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry First Aid
[2011/03/15 01:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2011/03/19 15:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2011/03/13 00:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/07/06 19:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/16 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2011/01/19 07:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/07/13 20:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: FFCOMM.DLL >
[2009/10/19 16:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) MD5=92B4C9AA155E39A276AE80C3A493433F -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FD2AC7E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >



Extras.Txt

OTL Extras logfile created on: 7/13/2011 8:15:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\aa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 220.27 Mb Available Physical Memory | 43.75% Memory free
1.44 Gb Paging File | 1.20 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.81 Gb Total Space | 1.87 Gb Free Space | 23.98% Space Free | Partition Type: NTFS
Drive D: | 35.15 Gb Total Space | 5.78 Gb Free Space | 16.44% Space Free | Partition Type: FAT32
Drive E: | 35.15 Gb Total Space | 11.47 Gb Free Space | 32.64% Space Free | Partition Type: FAT32
Drive F: | 35.15 Gb Total Space | 4.49 Gb Free Space | 12.79% Space Free | Partition Type: FAT32
Drive G: | 35.74 Gb Total Space | 12.09 Gb Free Space | 33.83% Space Free | Partition Type: FAT32
Drive J: | 3.82 Gb Total Space | 3.82 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: NOHA | User Name: aa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Tidy Favorites\TidyFavorites.exe" = C:\Program Files\Tidy Favorites\TidyFavorites.exe:*:Enabled:TidyFavorites

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\JetAudio\JetAudio.exe" = C:\Program Files\JetAudio\JetAudio.exe:*:Enabled:jetAudio -- (COWON America, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\aa\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\aa\Application Data\IMVUClient\1VivoxVoice.exe:*:Disabled:1VivoxVoice -- (Vivox, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BDEE284-1516-40E8-B784-00FEBE1B1033}" = Nero 7 Essentials
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{79E105B2-E97C-4EB0-9B4E-BB92B7E3AEAB}" = Peachtree Accounting 2009
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE3A67EE-0C5D-11E0-BC1D-0013D3D69929}" = Vegas Pro 10.0
"{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}" = Microsoft Tool Web Package : EXCTRLST.EXE
"{B1924580-0C5D-11E0-B655-0013D3D69929}" = MSVCRT Redists
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E82C83C0-8897-4D91-949D-E051E3F24626}" = BlueSoleil
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"FastStone Capture" = FastStone Capture 6.7
"GoldWave v5.18" = GoldWave v5.18
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows
"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows
"NewBlue Video Essentials III for Windows" = NewBlue Video Essentials III for Windows
"Photodex Presenter" = Photodex Presenter
"phototoys" = Powertoys for Windows XP - Image Resizing and CD Slideshow
"Powercalc" = Powertoys for Windows XP - PowerToy Calc
"PowerToyIEFind" = Powertoys for Windows XP - IEFind
"PowertoyXPCmd" = Powertoys for Windows XP - Open Command Here
"Registry First Aid_is1" = Registry First Aid
"VLC media player" = VLC media player 1.0.2
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPtask" = Powertoys for Windows XP - Task Switcher
"xpuserswitch" = Powertoys for Windows XP Fast User Switcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2011 9:03:27 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/10/2011 9:53:50 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/11/2011 7:38:14 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/11/2011 8:22:19 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/11/2011 11:22:27 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/11/2011 3:57:17 PM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/11/2011 4:01:32 PM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/12/2011 6:13:40 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/13/2011 8:16:34 AM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

Error - 7/13/2011 12:53:37 PM | Computer Name = NOHA | Source = JavaQuickStarterService | ID = 1
Description =

[ OSession Events ]
Error - 11/12/2010 9:42:14 AM | Computer Name = NOHA | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 7/13/2011 12:53:55 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 7/13/2011 12:53:55 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10050

Error - 7/13/2011 12:53:55 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD

Error - 7/13/2011 12:53:55 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952450

Error - 7/13/2011 12:53:57 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7000
Description = The AFD service failed to start due to the following error: %%2

Error - 7/13/2011 12:53:57 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%2

Error - 7/13/2011 1:05:49 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7000
Description = The AFD service failed to start due to the following error: %%2

Error - 7/13/2011 1:05:49 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%2

Error - 7/13/2011 1:06:28 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7000
Description = The AFD service failed to start due to the following error: %%2

Error - 7/13/2011 1:06:28 PM | Computer Name = NOHA | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%2


< End of report >




#26
azarl

    GeekU Admin

  • Administrator
  • 25,265 posts
  • Run OTL again. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the 'None' button at the top
  • Under the Custom Scan box paste this in:


    /md5start
    sfcfiles.dll
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Copy the log in your next reply.

#27
BonbonRose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

OTL logfile created on: 7/14/2011 3:19:19 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\aa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 223.93 Mb Available Physical Memory | 44.48% Memory free
1.44 Gb Paging File | 1.21 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.81 Gb Total Space | 1.84 Gb Free Space | 23.52% Space Free | Partition Type: NTFS
Drive D: | 35.15 Gb Total Space | 5.78 Gb Free Space | 16.44% Space Free | Partition Type: FAT32
Drive E: | 35.15 Gb Total Space | 11.47 Gb Free Space | 32.64% Space Free | Partition Type: FAT32
Drive F: | 35.15 Gb Total Space | 4.49 Gb Free Space | 12.79% Space Free | Partition Type: FAT32
Drive G: | 35.74 Gb Total Space | 12.09 Gb Free Space | 33.83% Space Free | Partition Type: FAT32

Computer Name: NOHA | User Name: aa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 19:17:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
PRC - [2008/05/03 16:33:43 | 000,013,608 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2008/04/14 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/31 14:26:08 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
PRC - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 19:17:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand | Stopped] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Auto | Stopped] -- -- (CachemanService)
SRV - [2008/05/03 16:33:43 | 000,013,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)
SRV - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)


========== Driver Services (SafeList) ==========

DRV - [2010/02/09 19:15:40 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/12/18 08:28:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/08/26 07:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/02/28 16:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/01/19 13:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/10/23 17:25:12 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/08/31 10:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005/08/31 10:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/07/29 16:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/12/06 15:25:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/10/21 12:56:08 | 001,275,584 | R--- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001/08/17 19:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/06/27 18:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 02:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 02:34:25 | 000,000,000 | ---D | M]

[2010/08/14 00:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Extensions
[2010/08/15 20:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\ms50yud0.the other profile\extensions
[2011/05/29 18:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions
[2011/05/23 23:52:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/11 01:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions\[email protected]
[2011/04/12 00:11:08 | 000,000,000 | ---D | M] (Categorize) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\extensions\[email protected]
[2010/08/15 20:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\zb27ihgi.default\extensions
[2010/08/15 19:35:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\aa\Application Data\Mozilla\Firefox\Profiles\zb27ihgi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/29 18:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 12:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/04 11:59:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/10/19 16:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2007/08/29 23:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/04 11:59:47 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/11 14:22:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\aa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\aa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/01 23:09:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Desktop\New Folder
[2011/07/13 19:17:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
[2011/07/11 17:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\DoctorWeb
[2011/07/11 17:00:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/11 14:12:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/07 22:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Desktop\recovercd
[2011/07/07 20:56:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/07 20:56:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/07 20:56:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/07 20:56:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/07 16:36:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 16:36:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/07 16:36:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\aa\Start Menu\Programs\Administrative Tools
[2011/07/02 21:08:12 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\SK.com
[2011/06/24 00:38:41 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2011/06/24 00:38:41 | 000,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2011/06/24 00:38:40 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2011/06/24 00:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/06/24 00:38:23 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/06/24 00:38:23 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011/06/24 00:38:23 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/06/24 00:38:22 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011/06/24 00:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2011/06/23 23:28:04 | 000,247,648 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\UNINST16.EXE
[2011/06/23 05:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Converter
[2011/06/23 05:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Local Settings\Application Data\{B734406A-61B5-4E1D-A964-81B07B93BB70}
[2011/06/23 03:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\My Documents\Downloaded Installations
[2011/06/23 03:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Application Data\SumatraPDF
[2011/06/21 05:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2011/06/21 05:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aa\Application Data\Netscape
[2011/06/18 20:12:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/06/17 21:34:27 | 000,000,000 | ---D | C] -- C:\found.001
[2011/06/17 03:05:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/22 22:20:52 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\LAGARITH.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 15:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/14 13:30:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 13:30:29 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 20:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/13 19:17:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
[2011/07/13 14:16:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/11 14:22:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/11 14:12:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/06 18:02:30 | 000,232,960 | ---- | M] () -- C:\Documents and Settings\aa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 20:56:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 00:16:51 | 000,048,960 | ---- | M] () -- C:\WINDOWS\Aware40.mch
[2011/06/23 23:28:14 | 000,000,008 | ---- | M] () -- C:\WINDOWS\Q.TRD
[2011/06/23 23:23:35 | 000,000,270 | ---- | M] () -- C:\WINDOWS\mawrid.ini
[2011/06/23 22:52:54 | 001,658,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/22 02:24:01 | 000,077,217 | ---- | M] () -- C:\WINDOWS\Run32A50.mch
[2011/06/22 02:21:09 | 000,000,035 | ---- | M] () -- C:\WINDOWS\A5W.INI
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 14:12:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/11 14:12:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/07 20:56:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/07 20:56:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/07 20:56:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/07 20:56:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/07 20:56:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/24 00:38:41 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2011/06/24 00:38:41 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2011/06/24 00:38:41 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/06/24 00:38:40 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2011/06/24 00:38:40 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2011/06/24 00:38:40 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2011/06/24 00:38:23 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2011/06/24 00:38:22 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2011/06/24 00:38:22 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2011/06/24 00:16:51 | 000,048,960 | ---- | C] () -- C:\WINDOWS\Aware40.mch
[2011/06/23 23:24:47 | 000,000,008 | ---- | C] () -- C:\WINDOWS\Q.TRD
[2011/06/23 23:21:54 | 000,000,270 | ---- | C] () -- C:\WINDOWS\mawrid.ini
[2011/06/07 03:47:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/06/06 22:24:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\WINTOYS.INI
[2011/02/02 20:01:57 | 000,150,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/23 02:21:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/10/23 02:18:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TOEFL.INI
[2010/08/15 15:26:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/06/28 13:18:51 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\aa\Application Data\bdfvconp.ini
[2010/06/26 23:18:45 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2010/06/26 23:00:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/06/26 23:00:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/02/23 11:06:28 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\aa\Application Data\mainhst.zgh
[2010/02/10 17:38:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 00:32:20 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2009/12/06 20:16:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/19 00:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/14 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 10:00:00 | 000,448,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 10:00:00 | 000,075,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/14 09:14:12 | 000,014,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2005/07/29 16:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/01/18 20:35:36 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\aa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/02 16:54:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/02 16:01:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/02 15:53:41 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/01/02 15:53:39 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/01/02 15:53:39 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/01/02 15:53:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/01/02 15:52:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/02 00:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/02 00:55:00 | 001,658,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/01 23:27:03 | 000,001,176 | R--- | C] () -- C:\WINDOWS\ImpTable.bin
[2005/01/01 23:26:55 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/01/01 23:26:55 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/01/01 23:13:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/01 23:06:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/08 08:00:22 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2001/08/22 14:01:34 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2001/08/22 11:15:36 | 000,255,488 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe

========== LOP Check ==========

[2005/01/02 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\ACD Systems
[2011/01/25 04:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\avidemux
[2011/01/25 04:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\avidemux6
[2011/06/13 00:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\BitTorrent
[2005/01/18 23:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\COWON
[2009/12/06 21:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\DMCache
[2011/07/14 15:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\DNA
[2011/06/24 00:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\GetRightToGo
[2010/06/28 14:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\IMVUClient
[2010/11/09 23:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\mkvtoolnix
[2010/03/18 18:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\MP3Rocket
[2011/06/21 05:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Netscape
[2010/02/25 04:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Nokia
[2011/01/16 02:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Pavtube
[2010/02/25 04:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\PC Suite
[2010/08/27 00:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Publish Providers
[2011/03/29 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Sony
[2011/02/09 03:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Sony Creative Software Inc
[2011/06/23 03:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\SumatraPDF
[2010/08/06 02:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\SystemRequirementsLab
[2011/01/17 02:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Thinstall
[2011/02/17 19:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Twan Wintjes
[2011/06/12 20:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\uTorrent
[2010/04/21 23:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\Vivox
[2010/02/23 19:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aa\Application Data\ZipGenius
[2010/01/25 00:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/06/28 14:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/03/30 05:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/09/04 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2011/07/11 18:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2010/02/25 04:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/12/06 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/03/15 01:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2010/02/25 04:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/06/17 02:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/03/15 02:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry First Aid
[2011/03/15 01:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2011/03/19 15:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2011/03/13 00:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/07/06 19:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/16 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2011/01/19 07:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/07/14 15:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SFCFILES.DLL >
[2008/07/12 21:20:02 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=362BC5AF8EAF712832C58CC13AE05750 -- C:\WINDOWS\system32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FD2AC7E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >


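The OTL report above is read by eye in the thread. As an added example that is not part of the original post or of the OTL tool itself, here is a small Python triage parser for the line formats that appear in it: the bracketed file entries (`[timestamp | size | RHSD attributes | C/M] (Company) -- path`), the O35/O37 shell open-command entries (the stock value is `"%1" %*`; anything else means the .exe/.com association has been redirected), and the `@Alternate Data Stream` lines. The sample log embedded in the script is constructed for the example (a few lines in the thread's format plus one made-up, clearly labelled hijacked O37 line); the flag rules are the review heuristics an analyst would apply next, not a verdict that any file on this machine is malicious.

```python
"""Triage parser for the OTL log formats seen in the thread (added example, not OTL code)."""
import os
import re

# [timestamp | size | attrs | C/M] (Company) -- path   (the "(Company)" part is absent for folders)
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| '
    r'(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\]'
    r'(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$'
)
# @Alternate Data Stream - N bytes -> path:streamname
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$'
)
# O35 - HKLM\..exefile [open] -- "%1" %*   /   O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ASSOC_RE = re.compile(
    r'^(?P<item>O3[57]) - HKLM\\\.+?(?P<key>\w+) (?P<sub>\[[^\]]*\]) -- (?P<cmd>.+)$'
)

DEFAULT_OPEN_CMD = '"%1" %*'   # stock shell\open\command for exefile / comfile on XP
EXEC_EXT = {'.exe', '.dll', '.ax', '.sys', '.com', '.scr', '.ocx', '.cpl'}
WINDIR = 'c:\\windows\\'


def parse_file_line(line):
    """Parse one bracketed OTL file/folder entry into a dict, or return None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attr = m.group('attr')          # four columns: R, H, S, D ('-' when not set)
    return {
        'ts': m.group('ts'),
        'size': int(m.group('size').replace(',', '')),
        'readonly': attr[0] == 'R',
        'hidden': attr[1] == 'H',
        'system': attr[2] == 'S',
        'dir': attr[3] == 'D',
        'kind': m.group('kind'),    # C = created, M = modified
        'company': (m.group('company') or '').strip(),
        'path': m.group('path').strip(),
    }


def file_flags(rec):
    """Review heuristics for one parsed file record (reasons to look closer, not verdicts)."""
    flags = []
    if rec['dir']:
        return flags
    path = rec['path'].lower()
    ext = os.path.splitext(path)[1]
    if ext in EXEC_EXT and rec['hidden'] and rec['system']:
        flags.append('hidden+system executable')
    if ext in EXEC_EXT and path.startswith(WINDIR) and not rec['company']:
        flags.append('executable under %WINDIR% with no company name')
    return flags


def triage(log_text):
    """Return (reason, subject) pairs for every line an analyst should review."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        rec = parse_file_line(line)
        if rec:
            findings.extend((f, rec['path']) for f in file_flags(rec))
            continue
        m = ADS_RE.match(line)
        if m:   # OTL lists every ADS it finds; each one is worth a look
            findings.append(('alternate data stream %s (%s bytes)'
                             % (m.group('stream'), m.group('size')), m.group('path')))
            continue
        m = ASSOC_RE.match(line)
        if m and m.group('cmd').strip() != DEFAULT_OPEN_CMD:
            findings.append(('%s %s open command is not the default'
                             % (m.group('item'), m.group('key')), m.group('cmd')))
    return findings


# Constructed sample in the thread's format; the O37 line is a made-up hijack for illustration.
SAMPLE_LOG = r"""
[2011/07/13 19:17:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aa\Desktop\OTL.exe
[2011/07/11 14:12:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/24 00:38:23 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/07/07 20:56:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/14 15:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\WINDOWS\System32\example_hijack.exe" "%1" %*
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
"""

if __name__ == '__main__':
    for reason, subject in triage(SAMPLE_LOG):
        print('%-55s %s' % (reason, subject))
```

On the constructed sample this reports four items: the hidden+system `.ax` filter, the company-less `PEV.exe` under `%WINDIR%`, the redirected O37 exefile command, and the ADS on the `TEMP` folder. Run against the full report above it would flag the RadLight/Gabest/CoreAAC `.ax` files and the ComboFix helper tools in `C:\WINDOWS` too; those are what the thread's helper has to clear by recognising the vendor, which is exactly why the output is a review list rather than a removal list.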

#28 azarl (GeekU Admin, Administrator, 25,265 posts)
Have you got a Windows CD?

#29 BonbonRose (Topic Starter, Member, 73 posts)
I haven't, I'm afraid.

#30 azarl (GeekU Admin, Administrator, 25,265 posts)
Please run ComboFix again, I'd like to see if there is any change after Dr Web was run. Post the report please.