Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

svchost.exe running rampant!


  • Please log in to reply

#1
buttonpusher

buttonpusher

    New Member

  • Member
  • Pip
  • 7 posts
The immediate problem svchost.exe craziness!
svchost.exe running rampant. I'll get the virtual memory warning. I've not got much RAM 512RDRAM and it's burning right through it. I see it using as much as 85% of the CPU. I can end the process and things speed up. What to do next is why I'm here. If anyone can lend a hand to take care of this quickly, I can then sift through this site and fix anything else that may be slowing the old girl down.

Dell Dimension 8200
Windows XP
Pentium 4 1.8Ghz
512MB RDRAM (I know... puny right?)

Thanks for any advice. Mark

I ran a Hijack this scan but lack the know how to act on it. Here is the scan log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:46:42 PM, on 9/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Microsoft Hardware\Mouse\POINT32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c98f2854237626) (gupdate1c98f2854237626) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Edited by buttonpusher, 03 September 2011 - 06:29 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply






Ron
  • 0

#3
buttonpusher

buttonpusher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for taking the time Ron!

OTL Log
OTL logfile created on: 9/5/2011 2:16:47 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Mark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 248.89 Mb Available Physical Memory | 48.71% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.56% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 38.74 Gb Free Space | 51.99% Space Free | Partition Type: NTFS

Computer Name: D2TPQF11 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 14:11:44 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\My Documents\Downloads\OTL(1).exe
PRC - [2011/09/03 19:36:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/09/17 13:48:42 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/09/05 14:28:40 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe
PRC - [2001/08/31 14:44:30 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [2001/08/06 14:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2001/08/01 00:26:52 | 000,073,728 | ---- | M] () -- C:\Program Files\Netropa\Traymon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 19:36:25 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/09 16:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2001/08/06 14:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
MOD - [2001/08/01 00:26:52 | 000,073,728 | ---- | M] () -- C:\Program Files\Netropa\Traymon.exe
MOD - [2000/06/08 10:09:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msiosd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (srvD24)
SRV - File not found [Auto | Stopped] -- -- (srvB4C)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2003/02/02 17:22:38 | 000,052,736 | ---- | M] (Macrovision) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2001/08/06 14:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2005/03/04 12:26:47 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2003/02/02 17:22:37 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2002/04/25 00:56:19 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/04/25 00:56:19 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/09/13 19:09:48 | 000,777,088 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2001/09/10 11:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 17:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 16:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 16:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 16:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/31 14:37:58 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 15:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidgame.sys -- (hidgame)
DRV - [2001/08/17 14:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 13:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/07/25 18:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 20:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\k56nt.sys -- (K56)
DRV - [2001/07/18 20:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 20:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 20:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tonesnt.sys -- (Tones)
DRV - [2001/07/18 20:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fallback.sys -- (Fallback)
DRV - [2001/07/18 20:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys -- (basic2)
DRV - [2001/07/18 20:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys -- (Rksample)
DRV - [2001/07/18 20:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\v124nt.sys -- (V124)
DRV - [2001/07/11 12:34:52 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/06/20 18:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 16:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=iglk"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Mark\Application Data\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/24 19:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/08/24 19:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 19:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 22:33:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/02 22:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/07/23 07:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2010/07/23 07:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/05/09 10:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\[email protected]
[2011/09/02 16:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\g5x1g7k4.default\extensions
[2009/09/02 08:30:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\g5x1g7k4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 06:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/06 06:33:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G5X1G7K4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G5X1G7K4.DEFAULT\EXTENSIONS\{DB2EA31C-58F5-48B7-8D60-CB0739257904}.XPI
[2011/08/24 19:48:00 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2009/02/15 00:31:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/03 19:36:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/05/06 14:40:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1259649A-7126-4DEA-B7D3-6B3739AC8A0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: adptotalsource.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D2DD414-BDE4-4D81-89B8-3ABEC1AD8934}: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 08:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\Shell - "" = AutoRun
O33 - MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\Shell - "" = AutoRun
O33 - MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\Shell - "" = AutoRun
O33 - MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Start Menu\Programs\HiJackThis
[2011/09/02 22:50:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark\Recent
[2011/08/31 19:56:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/31 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 19:55:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/31 19:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/25 21:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\DiskSpaceFan
[2011/08/25 21:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disk Space Fan
[2011/08/25 21:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\DiskSpaceFan
[2011/08/25 05:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\AVG Security Toolbar
[2011/08/24 23:03:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/08/24 20:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\AVG10
[2011/08/24 19:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/24 19:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/08/24 19:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/24 19:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/24 19:00:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/24 18:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/22 18:40:35 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/22 18:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/08/20 20:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/08/20 17:42:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/08/20 17:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/08/20 17:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/20 17:42:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/08/20 17:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/08/20 17:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\IObit
[2011/08/20 17:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/08/20 12:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/20 12:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/18 20:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/08/17 16:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/08/16 17:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/15 10:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/14 12:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/14 12:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/10 17:06:48 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/10 17:06:28 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/06 16:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Unity
[2002/04/25 01:00:25 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Mark\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 13:41:22 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2011/09/05 13:40:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/05 09:39:13 | 131,157,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/05 09:23:28 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2011/09/04 15:03:42 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/03 20:35:05 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Shortcut to procexp.lnk
[2011/09/03 17:44:48 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\HiJackThis.lnk
[2011/09/02 22:50:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/31 19:56:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 19:42:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Mozilla Firefox.lnk
[2011/08/27 08:01:34 | 000,008,238 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20110827_080122.reg
[2011/08/27 05:29:04 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/26 06:23:44 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/26 06:23:44 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/25 21:01:07 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Disk Space Fan.lnk
[2011/08/24 19:46:48 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/24 18:42:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\{D9533CD4-CCD4-4176-A853-93731370DC4F}
[2011/08/22 18:40:34 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/21 20:49:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\{D4BA3897-AC51-4A73-B7BB-9B04E5D7AE9E}
[2011/08/20 17:03:10 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/20 17:03:09 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/20 17:03:07 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/20 12:48:08 | 000,226,032 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20110820_124734.reg
[2011/08/19 17:09:07 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2011/08/17 06:13:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Mark\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 09:39:13 | 131,157,210 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/03 20:35:04 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Shortcut to procexp.lnk
[2011/09/03 17:44:31 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\HiJackThis.lnk
[2011/08/31 19:56:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 19:42:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Mozilla Firefox.lnk
[2011/08/27 08:01:32 | 000,008,238 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20110827_080122.reg
[2011/08/25 21:01:07 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Disk Space Fan.lnk
[2011/08/24 19:46:48 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/24 18:42:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/24 18:42:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/23 22:28:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\{D9533CD4-CCD4-4176-A853-93731370DC4F}
[2011/08/22 18:30:14 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/22 18:07:19 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2011/08/21 12:52:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\{D4BA3897-AC51-4A73-B7BB-9B04E5D7AE9E}
[2011/08/20 17:47:36 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/08/20 17:03:10 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/20 17:03:09 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/20 17:03:07 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/20 12:48:01 | 000,226,032 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20110820_124734.reg
[2011/08/20 12:39:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/09 12:22:00 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2010/04/22 17:34:52 | 000,000,031 | ---- | C] () -- C:\WINDOWS\render.ini
[2009/08/21 07:20:45 | 000,001,270 | ---- | C] () -- C:\WINDOWS\Mpcwty02.ini
[2009/05/06 14:34:15 | 000,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/06 14:34:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/06 14:34:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/06 14:34:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/01 10:10:59 | 000,000,079 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/05/17 03:03:57 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/10 20:05:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/01 19:21:06 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2006/11/12 16:08:59 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/18 08:38:56 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/18 08:38:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/15 16:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/15 16:33:13 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/15 16:33:05 | 000,007,283 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/10/20 18:39:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/25 21:41:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/03/06 10:45:32 | 000,000,155 | ---- | C] () -- C:\WINDOWS\sb_affiliate.ini
[2004/02/29 09:34:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/19 14:58:18 | 000,004,938 | ---- | C] () -- C:\WINDOWS\mads.dat
[2003/10/19 14:52:25 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\dutfwsinc.dat
[2003/10/19 14:50:19 | 000,007,836 | ---- | C] () -- C:\WINDOWS\wsme.ini
[2003/09/20 21:17:27 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/07/20 15:44:32 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2003/05/11 10:45:14 | 000,000,153 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2003/05/10 11:50:19 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/02/02 17:22:39 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2003/02/02 17:22:39 | 000,020,992 | ---- | C] () -- C:\WINDOWS\CDAC13BA.EXE
[2003/02/02 17:22:37 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2003/01/18 11:10:36 | 000,001,196 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2002/11/17 15:21:19 | 000,000,008 | ---- | C] () -- C:\WINDOWS\PhotoMAX.ini
[2002/10/24 17:35:32 | 000,000,480 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2002/05/26 13:11:15 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/05/19 11:38:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe
[2002/05/19 11:17:51 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2002/05/16 21:02:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dimfmobj.INI
[2002/05/16 21:02:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2002/05/16 18:57:59 | 000,000,718 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/05/16 18:56:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2002/05/03 05:54:01 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/25 01:05:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/25 01:00:04 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/04/25 01:00:04 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/04/25 00:59:47 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/04/25 00:58:44 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2002/04/25 00:58:44 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2002/04/25 00:58:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2002/04/25 00:58:42 | 000,000,205 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/04/25 00:58:29 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/04/25 00:58:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/04/25 00:58:15 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/04/25 00:56:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/04/25 00:54:07 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/25 00:47:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/04/25 00:45:08 | 000,321,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/04/24 23:17:00 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 09:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 08:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 08:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 16:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 16:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 14:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/07 16:22:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/08/06 14:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/08/02 12:56:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\MMKeybd.dll
[2001/01/24 01:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 15:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Custom Scans ==========


< >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2001/11/15 08:22:22 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2001/11/15 08:22:22 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2001/11/15 08:22:22 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/12/20 10:46:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2002/04/25 01:02:28 | 000,000,044 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\INSTALL.LOG

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2009/05/17 10:12:39 | 000,008,192 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-25 22:51:00

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

OTL Extras Log
OTL Extras logfile created on: 9/5/2011 2:16:47 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Mark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 248.89 Mb Available Physical Memory | 48.71% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.56% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 38.74 Gb Free Space | 51.99% Space Free | Partition Type: NTFS

Computer Name: D2TPQF11 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"67:UDP" = 67:UDP:*:Enabled:DHCP Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6B6BC247-19EF-11D5-B1AF-006097A63005}" = Zio Secure Digital/MultiMedia Reader
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AMA" = Mechanical Desktop Migration Assistance
"AVG" = AVG 2011
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"CdaC13Ba" = SafeCast Shared Components
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"Disk Space Fan_is1" = Disk Space Fan 2.2.7.821
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}" = Turbo Lister
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mechanical Desktop 4 Uninstall" = Mechanical Desktop 4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Charter Browser Updater" = Charter Browser Updater
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 9/5/2011 1:55:57 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has
done this 2 time(s).

Error - 9/5/2011 1:55:57 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The COM+ Event System service terminated unexpectedly. It has done
this 2 time(s).

Error - 9/5/2011 1:55:57 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 2 time(s).

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7031
Description = The Background Intelligent Transfer Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The COM+ Event System service terminated unexpectedly. It has done
this 6 time(s).

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 6 time(s).

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The Remote Access Connection Manager service terminated unexpectedly.
It has done this 6 time(s).

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The System Event Notification service terminated unexpectedly. It
has done this 6 time(s).

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7034
Description = The Telephony service terminated unexpectedly. It has done this 6
time(s).

Error - 9/5/2011 2:18:01 PM | Computer Name = D2TPQF11 | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 6 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.


< End of report >
Combofix Log
ComboFix 11-09-05.05 - Mark 09/05/2011 15:02:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.293 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Mark\WINDOWS
c:\windows\CDAC13BA.EXE
c:\windows\CDAC14BA.DLL
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-08-31 23:56 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 23:55 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 23:55 . 2011-08-31 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-26 01:02 . 2011-08-26 01:08 -------- d-----w- c:\documents and settings\Mark\Application Data\DiskSpaceFan
2011-08-26 01:00 . 2011-08-26 01:01 -------- d-----w- c:\program files\DiskSpaceFan
2011-08-25 09:44 . 2011-08-25 09:44 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\AVG Security Toolbar
2011-08-25 03:03 . 2011-08-25 03:03 -------- d-----w- C:\$AVG
2011-08-25 00:04 . 2011-08-25 00:04 -------- d-----w- c:\documents and settings\Mark\Application Data\AVG10
2011-08-24 23:48 . 2011-08-24 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-08-24 23:24 . 2011-09-05 13:41 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-24 23:24 . 2011-08-24 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-24 23:00 . 2011-08-24 23:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-24 22:59 . 2011-08-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-24 02:29 . 2011-08-24 02:29 0 ---ha-w- c:\documents and settings\Mark\Local Settings\Application Data\BIT125.tmp
2011-08-22 22:40 . 2011-08-22 22:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-22 22:28 . 2011-08-27 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-08-22 22:07 . 2002-12-29 05:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2011-08-21 16:53 . 2011-08-21 16:53 0 ---ha-w- c:\documents and settings\Mark\Local Settings\Application Data\BIT2CC.tmp
2011-08-21 00:27 . 2011-08-21 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-08-20 21:43 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-08-20 21:42 . 2011-08-20 21:42 -------- d-----w- c:\windows\system32\winrm
2011-08-20 21:42 . 2011-08-20 21:42 -------- d-----w- c:\windows\system32\GroupPolicy
2011-08-20 21:42 . 2011-08-20 21:42 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-08-20 21:02 . 2011-08-26 00:18 -------- d-----w- c:\documents and settings\Mark\Application Data\IObit
2011-08-20 21:02 . 2011-08-20 21:02 -------- d-----w- c:\program files\IObit
2011-08-20 16:38 . 2011-09-03 02:50 -------- d-----w- c:\program files\CCleaner
2011-08-17 20:03 . 2011-08-17 20:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-16 21:42 . 2011-08-16 21:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-14 16:43 . 2011-08-14 16:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-10 21:06 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 21:06 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-06 20:41 . 2011-09-03 02:28 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 21:44 . 2011-09-03 21:44 388096 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 07:13 . 2009-05-07 19:10 4332 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-07-15 13:29 . 2001-08-18 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-18 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2001-08-18 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-02-29 13:35 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-02-29 13:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2001-08-18 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 23:36 . 2011-08-17 10:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="c:\windows\MMKeybd.exe" [2001-09-05 163840]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvB4C]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvD24]
@="service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=c:\windows\pss\Camio Viewer 2000.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2001-09-04 20:31 655360 -c--a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 20:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-03-28 06:00 102400 -c--a-w- c:\program files\Creative\SBLive\Program\AHQINIT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 21:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2010-11-21 00:17 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
2001-09-05 18:28 163840 ----a-w- c:\windows\MMKeybd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=2 (0x2)
"McShield"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"WZCSVC"=2 (0x2)
"stisvc"=2 (0x2)
"lanmanserver"=2 (0x2)
"wscsvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"PolicyAgent"=3 (0x3)
"ImapiService"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"TrkWks"=3 (0x3)
"Browser"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/5/2011 12:59 AM 297168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 4:18 PM 6942]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [8/31/2011 7:56 PM 41272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srvD24
srvB4C
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5123c80e3020.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 04:46]
.
2002-04-27 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-02-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
Trusted Zone: adptotalsource.com\www
TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\g5x1g7k4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e558db8&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
MSConfigStartUp-Ink Monitor - c:\program files\EPSON\Ink Monitor\InkMonitor.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\Money Express.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-POINTER - point32.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
AddRemove-CdaC13Ba - c:\windows\CDAC13BA.EXE
AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_6L080L4 rev.A93.0500 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8325A2E0
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvB4C]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\temp\srvB4C.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvD24]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\WINDOWS\temp\srvD24.tmp"
.
Completion time: 2011-09-05 15:56:14
ComboFix-quarantined-files.txt 2011-09-05 19:56
.
Pre-Run: 41,470,980,096 bytes free
Post-Run: 42,436,263,936 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3EB9CB06CEA7FFD661D19FF98DF0CBEC

Malwarbytes Log
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7624

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/5/2011 4:27:25 PM
mbam-log-2011-09-05 (16-27-23).txt

Scan type: Quick scan
Objects scanned: 175830
Time elapsed: 17 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
TDSSKiller Log
2011/09/05 16:33:51.0921 2948 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 16:33:52.0515 2948 ================================================================================
2011/09/05 16:33:52.0515 2948 SystemInfo:
2011/09/05 16:33:52.0515 2948
2011/09/05 16:33:52.0515 2948 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/05 16:33:52.0515 2948 Product type: Workstation
2011/09/05 16:33:52.0515 2948 ComputerName: D2TPQF11
2011/09/05 16:33:52.0515 2948 UserName: Mark
2011/09/05 16:33:52.0515 2948 Windows directory: C:\WINDOWS
2011/09/05 16:33:52.0515 2948 System windows directory: C:\WINDOWS
2011/09/05 16:33:52.0515 2948 Processor architecture: Intel x86
2011/09/05 16:33:52.0515 2948 Number of processors: 1
2011/09/05 16:33:52.0515 2948 Page size: 0x1000
2011/09/05 16:33:52.0515 2948 Boot type: Normal boot
2011/09/05 16:33:52.0515 2948 ================================================================================
2011/09/05 16:33:56.0359 2948 Initialize success
2011/09/05 16:34:05.0812 2920 ================================================================================
2011/09/05 16:34:05.0812 2920 Scan started
2011/09/05 16:34:05.0812 2920 Mode: Manual;
2011/09/05 16:34:05.0812 2920 ================================================================================
2011/09/05 16:34:09.0312 2920 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/09/05 16:34:09.0828 2920 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/05 16:34:09.0953 2920 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/05 16:34:10.0046 2920 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/09/05 16:34:10.0234 2920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/05 16:34:10.0390 2920 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/05 16:34:10.0531 2920 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/05 16:34:10.0718 2920 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/09/05 16:34:10.0843 2920 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/09/05 16:34:10.0953 2920 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/09/05 16:34:11.0078 2920 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/09/05 16:34:11.0265 2920 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/09/05 16:34:11.0359 2920 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/09/05 16:34:11.0484 2920 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/09/05 16:34:11.0625 2920 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/09/05 16:34:11.0765 2920 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/09/05 16:34:11.0890 2920 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/09/05 16:34:12.0031 2920 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/09/05 16:34:12.0218 2920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/05 16:34:12.0343 2920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/05 16:34:12.0703 2920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/05 16:34:12.0843 2920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/05 16:34:13.0015 2920 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/05 16:34:13.0171 2920 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/05 16:34:13.0312 2920 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/05 16:34:13.0453 2920 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/05 16:34:13.0593 2920 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/05 16:34:13.0734 2920 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/05 16:34:13.0953 2920 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/05 16:34:14.0109 2920 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/05 16:34:14.0250 2920 basic2 (9372cc48814a17e67c28945eb4acc189) C:\WINDOWS\system32\DRIVERS\basic2.sys
2011/09/05 16:34:14.0375 2920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/05 16:34:14.0515 2920 bvrp_pci (c043ca48f1f5c00ff8272180fbbd15e9) C:\WINDOWS\system32\drivers\bvrp_pci.sys
2011/09/05 16:34:14.0750 2920 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/09/05 16:34:14.0875 2920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/05 16:34:15.0015 2920 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/09/05 16:34:15.0187 2920 CdaC15BA (69419792390122eefd84e598d896715b) C:\WINDOWS\System32\drivers\CdaC15BA.SYS
2011/09/05 16:34:15.0375 2920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/05 16:34:15.0546 2920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/05 16:34:15.0687 2920 Cdr4_xp (4ac2e023b8bbee458816d30db0bf149a) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/09/05 16:34:15.0812 2920 Cdralw2k (7e56d7ab50e08b393b640c0be898c752) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/09/05 16:34:15.0968 2920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/05 16:34:16.0140 2920 cdudf_xp (5b20a47b0413240cdb93106bd58602a1) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/09/05 16:34:16.0421 2920 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/09/05 16:34:16.0562 2920 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/09/05 16:34:16.0734 2920 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/09/05 16:34:16.0859 2920 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/09/05 16:34:17.0015 2920 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/09/05 16:34:17.0171 2920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/05 16:34:17.0296 2920 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
2011/09/05 16:34:17.0531 2920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/05 16:34:17.0750 2920 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/05 16:34:17.0890 2920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/05 16:34:18.0093 2920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/05 16:34:18.0218 2920 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/09/05 16:34:18.0375 2920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/05 16:34:18.0500 2920 dvd_2K (3677e155d87dda2bc53142d7d234d12a) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/09/05 16:34:18.0625 2920 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/09/05 16:34:18.0843 2920 emu10k (ae4e46d96e9d33790c8617e36791b576) C:\WINDOWS\system32\drivers\emu10k1f.sys
2011/09/05 16:34:19.0218 2920 emu10k1 (aadc81e967c25dd7c90e150fec6eab74) C:\WINDOWS\system32\drivers\ctlface.sys
2011/09/05 16:34:19.0437 2920 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\System32\Drivers\EPLPDX02.SYS
2011/09/05 16:34:19.0687 2920 Fallback (9ea76a7f28cd968f8adc709e479f23b2) C:\WINDOWS\system32\DRIVERS\fallback.sys
2011/09/05 16:34:20.0000 2920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/05 16:34:20.0140 2920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/05 16:34:20.0296 2920 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/05 16:34:20.0453 2920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/05 16:34:20.0609 2920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/05 16:34:20.0765 2920 Fsks (b7b262d0431374f3afd1349e35b368d9) C:\WINDOWS\system32\DRIVERS\fsksnt.sys
2011/09/05 16:34:20.0890 2920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/05 16:34:21.0046 2920 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/05 16:34:21.0343 2920 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/09/05 16:34:21.0546 2920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/05 16:34:21.0921 2920 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys
2011/09/05 16:34:22.0328 2920 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/05 16:34:22.0671 2920 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/09/05 16:34:22.0921 2920 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
2011/09/05 16:34:23.0218 2920 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/09/05 16:34:23.0546 2920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/05 16:34:23.0687 2920 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/05 16:34:23.0843 2920 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/09/05 16:34:24.0000 2920 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/05 16:34:24.0187 2920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/05 16:34:24.0375 2920 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/09/05 16:34:24.0531 2920 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/05 16:34:24.0671 2920 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/05 16:34:24.0828 2920 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/09/05 16:34:24.0984 2920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/05 16:34:25.0125 2920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/05 16:34:25.0281 2920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/05 16:34:25.0437 2920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/05 16:34:25.0593 2920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/05 16:34:25.0765 2920 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/05 16:34:25.0968 2920 K56 (a4e3277398c8aba999483d4c658c9696) C:\WINDOWS\system32\DRIVERS\k56nt.sys
2011/09/05 16:34:26.0140 2920 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/05 16:34:26.0328 2920 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/05 16:34:26.0812 2920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/05 16:34:26.0968 2920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/05 16:34:27.0390 2920 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/09/05 16:34:27.0578 2920 mmc_2K (a54fd7e564c996cfcee6ee7491f3c318) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/09/05 16:34:27.0734 2920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/05 16:34:27.0968 2920 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/05 16:34:28.0203 2920 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/05 16:34:28.0421 2920 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/05 16:34:28.0562 2920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/05 16:34:28.0718 2920 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/09/05 16:34:28.0953 2920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/05 16:34:29.0125 2920 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/05 16:34:29.0468 2920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/05 16:34:29.0734 2920 Msikbd2k (877ffd0fb093b80f5ed6ba64d7921881) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
2011/09/05 16:34:29.0906 2920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/05 16:34:30.0078 2920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/05 16:34:30.0234 2920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/05 16:34:30.0406 2920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/05 16:34:30.0609 2920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/05 16:34:30.0843 2920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/05 16:34:31.0000 2920 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/05 16:34:31.0187 2920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/05 16:34:31.0343 2920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/05 16:34:31.0468 2920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/05 16:34:31.0656 2920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/05 16:34:31.0875 2920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/05 16:34:32.0171 2920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/05 16:34:32.0328 2920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/05 16:34:32.0500 2920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/05 16:34:32.0671 2920 nv (e94c5c3279492db63ffa124aa38a12b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/05 16:34:32.0921 2920 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2011/09/05 16:34:33.0125 2920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/05 16:34:33.0328 2920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/05 16:34:33.0562 2920 OMCI (e1e54131462b63efefaf14aca8e4012b) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/09/05 16:34:33.0984 2920 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/09/05 16:34:34.0468 2920 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/05 16:34:34.0875 2920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/05 16:34:35.0296 2920 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/05 16:34:35.0859 2920 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/05 16:34:36.0406 2920 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2011/09/05 16:34:36.0578 2920 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/05 16:34:38.0250 2920 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/09/05 16:34:38.0640 2920 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/09/05 16:34:39.0250 2920 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/09/05 16:34:39.0453 2920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/05 16:34:39.0593 2920 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/05 16:34:39.0796 2920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/05 16:34:39.0937 2920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/05 16:34:40.0156 2920 pwd_2K (dd37e1d9f08eec0cb0fc84e010f33c3b) C:\WINDOWS\system32\drivers\pwd_2K.sys
2011/09/05 16:34:40.0296 2920 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/09/05 16:34:40.0468 2920 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/09/05 16:34:40.0625 2920 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/09/05 16:34:40.0781 2920 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/09/05 16:34:40.0968 2920 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/09/05 16:34:41.0125 2920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/05 16:34:41.0312 2920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/05 16:34:41.0500 2920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/05 16:34:41.0703 2920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/05 16:34:41.0859 2920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/05 16:34:42.0046 2920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/05 16:34:42.0218 2920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/05 16:34:42.0406 2920 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/05 16:34:42.0578 2920 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/05 16:34:42.0781 2920 Rksample (4c35e57300a2dc5932a8e29efa527c32) C:\WINDOWS\system32\DRIVERS\rksample.sys
2011/09/05 16:34:43.0062 2920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/05 16:34:43.0250 2920 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/05 16:34:43.0406 2920 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/05 16:34:43.0625 2920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/05 16:34:43.0765 2920 sfman (28b740a66cb88be3d0cd93d5664d7d88) C:\WINDOWS\system32\drivers\sfman.sys
2011/09/05 16:34:44.0046 2920 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/09/05 16:34:44.0203 2920 SoftFax (413cfa795cad19a010889df0ec060408) C:\WINDOWS\system32\DRIVERS\faxnt.sys
2011/09/05 16:34:44.0343 2920 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/09/05 16:34:44.0468 2920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/05 16:34:44.0734 2920 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/05 16:34:44.0937 2920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/05 16:34:45.0203 2920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/05 16:34:45.0375 2920 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/05 16:34:45.0515 2920 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/09/05 16:34:45.0625 2920 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/09/05 16:34:45.0750 2920 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/09/05 16:34:45.0890 2920 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/09/05 16:34:46.0078 2920 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/05 16:34:46.0359 2920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/05 16:34:46.0562 2920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/05 16:34:46.0703 2920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/05 16:34:46.0890 2920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/05 16:34:47.0062 2920 Tones (e0f10a379239b4fab319c55a9cd6bc96) C:\WINDOWS\system32\DRIVERS\tonesnt.sys
2011/09/05 16:34:47.0187 2920 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/09/05 16:34:47.0343 2920 UdfReadr_xp (3af8116d049e6f98a6d37913da989984) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/09/05 16:34:47.0484 2920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/05 16:34:47.0593 2920 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/09/05 16:34:47.0734 2920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/05 16:34:47.0937 2920 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/05 16:34:48.0078 2920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/05 16:34:48.0250 2920 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/05 16:34:48.0390 2920 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/05 16:34:48.0531 2920 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/05 16:34:48.0656 2920 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/05 16:34:48.0796 2920 V124 (177b65899d418f8c8f037b20567a99d6) C:\WINDOWS\system32\DRIVERS\v124nt.sys
2011/09/05 16:34:48.0937 2920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/05 16:34:49.0093 2920 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/09/05 16:34:49.0250 2920 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/09/05 16:34:49.0406 2920 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/05 16:34:49.0640 2920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/05 16:34:49.0859 2920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/05 16:34:50.0140 2920 winachsf (a941aa38e3951058e584c4bbddd56ed9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/05 16:34:50.0562 2920 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/05 16:34:50.0703 2920 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/05 16:34:50.0906 2920 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/05 16:34:51.0078 2920 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/05 16:34:51.0234 2920 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/09/05 16:34:51.0234 2920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/05 16:34:51.0296 2920 Boot (0x1200) (41ed03994d75c730303ac436ff101487) \Device\Harddisk0\DR0\Partition0
2011/09/05 16:34:51.0328 2920 ================================================================================
2011/09/05 16:34:51.0328 2920 Scan finished
2011/09/05 16:34:51.0328 2920 ================================================================================
2011/09/05 16:34:51.0421 2972 Detected object count: 1
2011/09/05 16:34:51.0421 2972 Actual detected object count: 1
2011/09/05 16:35:20.0687 2972 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/05 16:35:20.0687 2972 \Device\Harddisk0\DR0 - ok
2011/09/05 16:35:20.0687 2972 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/05 16:35:25.0125 2544 Deinitialize success

aswMBR Log
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 16:42:37
-----------------------------
16:42:38.046 OS Version: Windows 5.1.2600 Service Pack 3
16:42:38.046 Number of processors: 1 586 0x102
16:42:38.046 ComputerName: D2TPQF11 UserName: Mark
16:43:11.187 Initialize success
16:45:03.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:45:03.000 Disk 0 Vendor: MAXTOR_6L080L4 A93.0500 Size: 76345MB BusType: 3
16:45:05.015 Disk 0 MBR read successfully
16:45:05.031 Disk 0 MBR scan
16:45:05.031 Disk 0 Windows XP default MBR code
16:45:05.031 Disk 0 scanning sectors +156344580
16:45:05.234 Disk 0 scanning C:\WINDOWS\system32\drivers
16:45:24.343 Service scanning
16:45:26.281 Modules scanning
16:45:45.812 Scan finished successfully
16:46:52.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"
16:46:52.406 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library
C:\Documents and Settings\All Users\Application Data\Common Files

File::
c:\documents and settings\Mark\Local Settings\Application Data\BIT125.tmp
c:\documents and settings\Mark\Local Settings\Application Data\BIT2CC.tmp
c:\windows\Tasks\ISP signup reminder 1.job


Driver::
Lavasoft Kernexplorer

Folder::
C:\program files\mcafee.com

RootKit::
C:\WINDOWS\temp\srvB4C.tmp
C:\WINDOWS\temp\srvD24.tmp


Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvB4C]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvD24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs]
"srvD24"=-
"srvB4C"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvB4C]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvD24]
******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
srvD24
srvB4C
AppMgmt
C-DillaCdaC11BA

:OTL
SRV - File not found [Auto | Stopped] -- -- (srvD24)
SRV - File not found [Auto | Stopped] -- -- (srvB4C)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
[2010/12/06 06:33:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O33 - MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\Shell - "" = AutoRun
O33 - MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\Shell - "" = AutoRun
O33 - MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\Shell - "" = AutoRun
O33 - MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config srvD24 start= disabled /c
sc config srvB4C start= disabled /c
sc config AppMgmt start= disabled /c
sc config C-DillaCdaC11BA start= disabled /c
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
buttonpusher

buttonpusher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 11-09-05.05 - Mark 09/05/2011 20:45:25.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.199 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\Mark\Local Settings\Application Data\BIT125.tmp"
"c:\documents and settings\Mark\Local Settings\Application Data\BIT2CC.tmp"
"c:\windows\Tasks\ISP signup reminder 1.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Kernexplorer
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-05 21:21 . 2002-12-02 05:00 91648 ----a-w- c:\windows\system32\E_SAGSET.DLL
2011-09-05 21:21 . 2003-02-19 05:04 72825 ----a-w- c:\windows\system32\EBPMON24.DLL
2011-09-05 21:21 . 2002-03-01 05:00 69120 ----a-w- c:\windows\system32\EAL.EXE
2011-09-05 21:21 . 2002-03-01 05:00 44544 ----a-w- c:\windows\system32\EAL32.DLL
2011-09-05 21:20 . 2011-09-05 21:23 -------- d-----w- c:\program files\EPSON
2011-09-03 21:44 . 2011-09-03 21:44 388096 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-31 23:56 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 23:55 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 23:55 . 2011-08-31 23:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-26 01:02 . 2011-08-26 01:08 -------- d-----w- c:\documents and settings\Mark\Application Data\DiskSpaceFan
2011-08-26 01:00 . 2011-08-26 01:01 -------- d-----w- c:\program files\DiskSpaceFan
2011-08-25 09:44 . 2011-08-25 09:44 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\AVG Security Toolbar
2011-08-25 03:03 . 2011-08-25 03:03 -------- d-----w- C:\$AVG
2011-08-25 00:04 . 2011-08-25 00:04 -------- d-----w- c:\documents and settings\Mark\Application Data\AVG10
2011-08-24 23:48 . 2011-08-24 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-08-24 23:24 . 2011-09-05 13:41 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-24 23:24 . 2011-08-24 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-24 23:00 . 2011-08-24 23:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-24 22:59 . 2011-08-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-24 02:29 . 2011-08-24 02:29 0 ---ha-w- c:\documents and settings\Mark\Local Settings\Application Data\BIT125.tmp
2011-08-22 22:40 . 2011-08-22 22:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-22 22:28 . 2011-08-27 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-08-22 22:07 . 2002-12-29 05:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2011-08-21 16:53 . 2011-08-21 16:53 0 ---ha-w- c:\documents and settings\Mark\Local Settings\Application Data\BIT2CC.tmp
2011-08-21 00:27 . 2011-08-21 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-08-20 21:43 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-08-20 21:42 . 2011-08-20 21:42 -------- d-----w- c:\windows\system32\winrm
2011-08-20 21:42 . 2011-08-20 21:42 -------- d-----w- c:\windows\system32\GroupPolicy
2011-08-20 21:42 . 2011-08-20 21:42 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-08-20 21:02 . 2011-08-26 00:18 -------- d-----w- c:\documents and settings\Mark\Application Data\IObit
2011-08-20 21:02 . 2011-08-20 21:02 -------- d-----w- c:\program files\IObit
2011-08-20 16:38 . 2011-09-03 02:50 -------- d-----w- c:\program files\CCleaner
2011-08-17 20:03 . 2011-08-17 20:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-16 21:42 . 2011-08-16 21:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-14 16:43 . 2011-08-14 16:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-10 21:06 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 21:06 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 07:13 . 2009-05-07 19:10 4332 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-07-15 13:29 . 2001-08-18 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-18 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2001-08-18 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-02-29 13:35 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-02-29 13:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2001-08-18 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 23:36 . 2011-08-17 10:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\documents and settings\All Users\Application Data\Common Files ----
.
2011-08-24 23:00 . 2011-08-24 23:00 96 ---ha-w- c:\documents and settings\All Users\Application Data\Common Files\1269755B-445E-BB96-216B-227CD0EFD662.dat
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"DellTouch"="c:\windows\MMKeybd.exe" [2001-09-05 163840]
"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]
Camio Viewer 2000.lnk - c:\program files\Sierra Imaging\Image Expert 2000\IXApplet.exe [N/A]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [N/A]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=2 (0x2)
"McShield"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Server
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [8/20/2011 5:02 PM 328536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 4:18 PM 6942]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8/24/2011 7:47 PM 1025352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srvD24
srvB4C
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5123c80e3020.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 04:46]
.
2002-04-27 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-02-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
Trusted Zone: adptotalsource.com\www
TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\g5x1g7k4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e558db8&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\devldr32.exe
c:\windows\Nhksrv.exe
c:\windows\System32\drivers\CDAC11BA.EXE
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Netropa\Traymon.exe
c:\program files\Netropa\OSD.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-09-05 21:22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-06 01:22
ComboFix2.txt 2011-09-05 19:56
.
Pre-Run: 42,379,735,040 bytes free
Post-Run: 42,344,812,544 bytes free
.
- - End Of File - - 457DBB00B23C962845B64A35F55B04B4

========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named srvD24 was found to stop!
Service\Driver key srvD24 not found.
Error: No service named srvB4C was found to stop!
Service\Driver key srvB4C not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service C-DillaCdaC11BA stopped successfully!
Service C-DillaCdaC11BA deleted successfully!
========== OTL ==========
Error: No service named srvD24 was found to stop!
Service\Driver key srvD24 not found.
Error: No service named srvB4C was found to stop!
Service\Driver key srvB4C not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2941a8b2-50cb-11df-b6da-0008a115c54e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2941a8b2-50cb-11df-b6da-0008a115c54e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2941a8b2-50cb-11df-b6da-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2941a8b2-50cb-11df-b6da-0008a115c54e}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b09ee65-0b77-11e0-b709-0008a115c54e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b09ee65-0b77-11e0-b709-0008a115c54e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b09ee65-0b77-11e0-b709-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b09ee65-0b77-11e0-b709-0008a115c54e}\ not found.
File F:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a32a0732-b324-11e0-b716-0008a115c54e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a32a0732-b324-11e0-b716-0008a115c54e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a32a0732-b324-11e0-b716-0008a115c54e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a32a0732-b324-11e0-b716-0008a115c54e}\ not found.
File F:\setup.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:SsiEfr.e deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< sc config srvD24 start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< sc config srvB4C start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< sc config AppMgmt start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< sc config C-DillaCdaC11BA start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09052011_213117

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


View
Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/09/2011 9:48:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks so much
Mark D
  • 0

#6
buttonpusher

buttonpusher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 05/09/2011 9:56:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the next line:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /s > \junk.txt

Start, Run, cmd , OK

right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Type:
notepad \junk.txt

(Space before \. Copy and paste the text into a reply.)

Ron
  • 0

#8
buttonpusher

buttonpusher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ srvD24\0srvB4C\06to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xmlprov\0wscsvc\0napagent\0hkmsvc\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
eapsvcs REG_MULTI_SZ eaphost\0\0
dot3svc REG_MULTI_SZ dot3svc\0\0
WINRM REG_MULTI_SZ WINRM\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc
AuthenticationCapabilities REG_DWORD 0x3020
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs
AuthenticationCapabilities REG_DWORD 0x3020
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WINRM
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020

Did I do that right?

Thank you.
Mark Dombrowski
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Looks like you did. Appears the only place the two bad items show up is in the list of possible services. Doesn't appear to be an actual service left so it probably won't hurt to leave them there. If you are comfortable editing the registry you could remove the them. (It would be a bit tricky for me to do it for you. Have to do it in hex. ) If you want to try this is how it goes:

Start, Run regedit , OK then navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
(Click on Svchost)

In the right pane find

netsvcs

and double click on it. A window will open with a list of services like:

srvD24
srvB4C

AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
AppMgmt

The list is from my Vista PC so you will probably have different ones. What you would need to do tho is highlight each of the entries which I have marked in red srvD24 &
srvB4C and delete them. Don't do anything to the others. Click OK. Close regedit.

Are you still seeing your problem?

Ron
  • 0

#10
buttonpusher

buttonpusher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
No Ron. That problem is gone thank you. Much faater and vastly more stabile.

The machine just doesn't run as fast as it used to so I purchased some additional RAM today. It should arrive soon.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Good move on the RAM. XP SP3 is happiest with a minimum of 1 Gig.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA. The number in bold corresponds to the update number. If they switch to 7 update 0 then the 0016 will turn to 0017.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#12
buttonpusher

buttonpusher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks so much for walking me through all of that. It is greatly appreciated!

As for the p2p sites, I'll happily stay away
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP