Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Badly Infected Need Help

Started by WhiteLight , Oct 26 2011 08:39 PM

  • This topic is locked This topic is locked

#46
WhiteLight
Posted 05 November 2011 - 08:00 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Saying that I have not selected checkboxes even though I have...

Did a quick google and one of your posts on avast came up:

OK that shows that there is no connection at all

Could you go to control panel > Device manager and let me know if there are any yellow exclamation marks there. If there are could you let me know the name of the devices


Then go to control panel > network connectors and right click on the one marked local area connection (ignore 1394 devices).
Go to properties and scroll down the list until you reach tcp/ip
Double click to select properties and confirm under the general tab that the device is set to obtain IP addresses automatically -if they were preset, make a note of the numbers before you change anything.
If you change anything, click OK and reboot to make sure the cache is cleared and settings applied. See if this fixed it.

In control panel I have yellow exclamation on PCI memory controller
  • 0

Advertisements

#47
Essexboy
Posted 05 November 2011 - 08:06 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you right click the driver and select uninstall
Reboot the computer and let windows refind and install the driver

Does that work


Run SINO just selecting the network related areas
  • 0

#48
WhiteLight
Posted 05 November 2011 - 08:19 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I selected yes to install from internet, didn't install correctly as can't find necessary software (Still yellow in device manager) and sino did not work. Same when selecting do not connect to internet.
  • 0

#49
Essexboy
Posted 05 November 2011 - 08:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have just refreshed myself on the Avast topic as that was a real excavation process

In the run box ttype the following and let me know what the output is, it should be similar to the quoted text :

CMD /K SC QC DHCP

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem


  • 0

#50
WhiteLight
Posted 05 November 2011 - 08:33 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Excavation I like the sound of that.

It gives exactly the same output to the letter.

Edited by WhiteLight, 05 November 2011 - 08:34 AM.

  • 0

#51
Essexboy
Posted 05 November 2011 - 08:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have found my bits and bobs on that one, I saved them just in case there was another one like this


Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again

OK run OTL and run the following script as I need to check the dependency files

[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
afd.*
tcpip.*
netbt.*
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT
  • 0

#52
WhiteLight
Posted 05 November 2011 - 08:41 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Lucky you did :)

Ok when trying to start DHCP Client I get,

Could not start the DHCP Client service on the Local Computer.
Error 1068: The dependency service or group failed to start.
  • 0

#53
Essexboy
Posted 05 November 2011 - 08:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run the OTL scan please - as things are clicking together although the infection I was dealing with there was zero access
  • 0

#54
WhiteLight
Posted 05 November 2011 - 08:58 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL logfile created on: 5/11/2011 1:49:34 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mick\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.48 Mb Total Physical Memory | 621.24 Mb Available Physical Memory | 60.70% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 4.56 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 2.14 Gb Free Space | 57.29% Space Free | Partition Type: FAT32

Computer Name: C7B9CD6C4F04459 | User Name: Mick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 13:06:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mick\Desktop\OTL.exe
PRC - [2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/10 16:47:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/10/27 18:36:16 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/09/17 10:33:26 | 000,651,776 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/09/17 10:31:18 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2008/08/11 09:31:54 | 001,124,352 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/06/17 17:00:34 | 001,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2008/05/22 16:05:06 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2007/06/13 21:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/11/15 21:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/03/22 15:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/01 17:48:27 | 000,689,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\217f47a04d65b6bec88290c1afa830d6\System.Data.SqlServerCe.ni.dll
MOD - [2010/06/23 23:13:00 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/23 23:12:53 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/06/13 13:47:50 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
MOD - [2010/06/13 13:47:16 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
MOD - [2010/06/13 13:45:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2010/06/13 00:03:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2010/06/13 00:03:40 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2010/06/13 00:03:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2010/06/13 00:01:58 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
MOD - [2010/06/12 23:59:26 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2010/06/03 14:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/12/18 10:18:52 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2008/01/08 11:39:24 | 001,581,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2007/12/04 22:38:34 | 000,262,144 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2007/12/04 22:37:48 | 000,585,728 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtNetwork4.dll
MOD - [2007/12/04 22:36:04 | 006,434,816 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
MOD - [2007/12/04 22:18:36 | 000,356,352 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2007/02/27 08:22:14 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2007/02/27 08:21:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2007/02/23 17:47:32 | 000,013,824 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\Imageformats\qsvg1.dll
MOD - [2007/02/23 17:47:10 | 000,131,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\Imageformats\qjpeg1.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/14 16:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
SRV - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 19:51:28 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/14 16:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/03 23:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/03/26 16:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/03/26 16:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/03/26 16:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/07/10 15:02:35 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/09/30 13:52:22 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 13:52:20 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/17 22:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/02 19:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/12 05:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/25 20:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/06/22 12:59:11 | 000,000,000 | ---D | M]

[2008/09/09 21:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick\Application Data\Mozilla\Extensions
[2011/10/24 20:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick\Application Data\Mozilla\Firefox\Profiles\h3jb646d.default\extensions
[2009/12/18 18:18:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mick\Application Data\Mozilla\Firefox\Profiles\h3jb646d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/31 00:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/08 20:58:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/08 20:57:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/08 20:57:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/31 02:11:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1004..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe File not found
O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1004..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183591912784 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3942B7C-3904-4A4E-B910-A5526B1EA5D3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/05 00:14:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/02 14:05:54 | 000,679,311 | ---- | M] () - F:\AutoStreamer_v1.0.33.zip -- [ FAT32 ]
O32 - AutoRun File - [2011/10/30 23:53:08 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{2dca5c42-2a6b-11e0-92b2-000fea814095}\Shell - "" = AutoRun
O33 - MountPoints2\{2dca5c42-2a6b-11e0-92b2-000fea814095}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2dca5c42-2a6b-11e0-92b2-000fea814095}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL upgrade.htm
O33 - MountPoints2\{3984e712-1f57-11df-9132-000fea814095}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{c22d9e00-6bbe-11dc-8ced-000fea814095}\Shell - "" = AutoRun
O33 - MountPoints2\{c22d9e00-6bbe-11dc-8ced-000fea814095}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c22d9e00-6bbe-11dc-8ced-000fea814095}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 22:31:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mick\Desktop\OTL.exe
[2011/11/04 22:29:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mick\Desktop\aswMBR.exe
[2011/11/04 00:26:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/04 00:15:42 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mick\Desktop\msicuu2.exe
[2011/11/04 00:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick\Desktop\recovery
[2011/11/03 13:17:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/03 13:17:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 12:21:29 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2011/10/31 12:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2011/10/31 12:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2011/10/31 01:20:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 01:20:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 01:20:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 01:20:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 00:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 00:36:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/31 00:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/31 00:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/10/31 00:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/10/26 22:04:57 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/26 22:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/26 22:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/26 22:03:07 | 007,712,920 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mick\Desktop\mbam-rules.exe
[2011/10/26 21:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick\Application Data\Malwarebytes
[2011/10/26 21:18:33 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mick\Desktop\mbam-setup-1.51.1.1800.exe
[2011/10/26 20:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/26 20:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/26 20:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/26 08:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/26 08:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/25 19:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2033/03/15 13:00:26 | 000,000,128 | ---- | M] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | M] () -- C:\tmp1
[2011/12/10 19:35:44 | 000,047,120 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/06 00:54:08 | 003,397,256 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\SINO.exe
[2011/11/05 13:43:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/05 13:43:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/05 13:18:47 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/05 13:18:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/05 13:15:52 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/05 13:15:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/05 11:00:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mick\Desktop\aswMBR.exe
[2011/11/04 12:47:32 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mick\Desktop\msicuu2.exe
[2011/11/04 12:17:20 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\Repair.vbs
[2011/11/03 13:17:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 12:20:56 | 000,001,951 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/10/31 02:11:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/30 13:06:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mick\Desktop\OTL.exe
[2011/10/30 01:54:32 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2011/10/26 22:02:10 | 007,712,920 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mick\Desktop\mbam-rules.exe
[2011/10/26 09:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/25 20:26:09 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/09 17:40:42 | 001,065,064 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\Rapture [Avicii New Generation Extended Mix]-Nisse Hanséns Kör Orkester, Lennart Swahn.m4r
[2011/10/09 17:38:29 | 000,915,985 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\Hurt Me-The Jezabels.m4r
[2011/10/09 17:36:56 | 000,314,812 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\Pjanoo-Eric Prydz.m4r
[2011/10/09 17:28:44 | 000,645,549 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\Walking Disasters-The Wombats-1.m4r
[2011/10/09 17:26:28 | 000,142,687 | ---- | M] () -- C:\Documents and Settings\Mick\Desktop\Walking Disasters-The Wombats.m4r
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2033/03/15 13:00:26 | 000,000,128 | ---- | C] () -- C:\tmp2
[2033/03/15 13:00:22 | 000,000,890 | ---- | C] () -- C:\tmp1
[2011/11/05 12:22:08 | 003,397,256 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\SINO.exe
[2011/11/04 00:27:30 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Player.lnk
[2011/11/04 00:27:30 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/11/04 00:27:30 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PHOTOfunSTUDIO 5.0 HD Edition.lnk
[2011/11/04 00:27:30 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/04 00:27:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/11/04 00:27:30 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 5.lnk
[2011/11/04 00:27:30 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/04 00:27:30 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2011/11/04 00:27:30 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoBase 4.5.lnk
[2011/11/04 00:27:30 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Panorama Maker 3.lnk
[2011/11/04 00:27:30 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/11/04 00:27:30 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/04 00:27:30 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/04 00:27:30 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EViews 6 SV.lnk
[2011/11/04 00:27:30 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MYOB Accounting Plus v16 ED.lnk
[2011/11/04 00:27:30 | 000,001,016 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Video Downloader Suite.lnk
[2011/11/04 00:27:30 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2011/11/04 00:27:30 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/11/04 00:27:30 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Router Login.url
[2011/11/04 00:23:49 | 000,002,132 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
[2011/11/04 00:23:49 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/11/04 00:23:49 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/04 00:23:48 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2011/11/04 00:23:48 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/04 00:23:48 | 000,002,101 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard.lnk
[2011/11/04 00:23:48 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Keyboard Healthy Computing Guide.lnk
[2011/11/04 00:23:48 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mouse Healthy Computing Guide.lnk
[2011/11/04 00:23:48 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse.lnk
[2011/11/04 00:23:48 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/11/04 00:23:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/04 00:23:48 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/11/04 00:23:48 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2011/11/04 00:23:48 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/04 00:23:48 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/11/04 00:15:53 | 000,002,325 | ---- | C] () -- C:\Documents and Settings\Mick\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/11/04 00:08:37 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\Repair.vbs
[2011/11/03 13:17:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/03 13:17:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 12:20:56 | 000,001,951 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/10/31 01:20:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 01:20:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 01:20:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 01:20:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 01:20:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/09 17:40:42 | 001,065,064 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\Rapture [Avicii New Generation Extended Mix]-Nisse Hanséns Kör Orkester, Lennart Swahn.m4r
[2011/10/09 17:38:18 | 000,915,985 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\Hurt Me-The Jezabels.m4r
[2011/10/09 17:36:56 | 000,314,812 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\Pjanoo-Eric Prydz.m4r
[2011/10/09 17:28:35 | 000,645,549 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\Walking Disasters-The Wombats-1.m4r
[2011/10/09 17:26:26 | 000,142,687 | ---- | C] () -- C:\Documents and Settings\Mick\Desktop\Walking Disasters-The Wombats.m4r
[2011/05/02 00:14:05 | 000,474,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/28 20:54:32 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Mick\Application Data\NMM-MetaData.db
[2010/09/08 21:36:25 | 000,047,120 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/05 10:28:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/30 20:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/30 19:45:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/04/15 19:55:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2009/04/15 19:55:50 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2009/04/15 19:55:49 | 000,000,204 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2009/04/15 19:50:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2009/04/15 19:50:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2009/03/29 10:07:17 | 000,000,045 | R--- | C] () -- C:\WINDOWS\gsc_user.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/06/17 22:10:17 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2008/03/17 21:32:55 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/02/27 16:15:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2007/12/28 17:25:07 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/16 17:05:08 | 000,034,584 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2007/11/07 15:49:29 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/01 16:34:15 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/01 16:34:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/18 20:12:31 | 000,000,116 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/07/13 11:56:39 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/13 10:14:21 | 000,041,984 | -H-- | C] () -- C:\Documents and Settings\Mick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/10 15:02:35 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7389.sys
[2007/07/06 20:39:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/06 16:21:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/06 16:21:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/06 16:21:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/06 16:21:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/06 16:21:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/06 16:21:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/06 16:21:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/06 16:21:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/06 16:21:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/06 16:21:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/06 16:21:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/06 16:21:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/06 16:21:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/06 16:21:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/06 16:21:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/06 16:21:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/06 16:21:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/05 21:05:34 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/07/05 21:04:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER310E.ini
[2007/07/05 10:04:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/05 10:03:22 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/05 01:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/05 00:27:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/05 00:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/07/05 00:27:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/05 00:22:50 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\NVRTClk.exe
[2007/07/05 00:22:34 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2007/07/05 00:16:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/05 00:12:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/27 08:24:30 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2007/02/27 08:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/27 08:23:36 | 000,104,960 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2007/02/27 08:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/27 08:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/27 08:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/27 08:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/27 08:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/27 08:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/27 08:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2007/02/27 08:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/27 08:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/27 08:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/27 08:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/13 06:21:22 | 001,196,544 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/13 06:21:22 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/13 06:21:22 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/13 06:21:22 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/13 06:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/13 06:21:22 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/13 06:21:22 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/13 06:21:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/13 06:21:22 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/13 06:21:22 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/13 06:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/13 06:21:22 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/13 06:21:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/13 06:21:22 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/13 06:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/08/04 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 23:00:00 | 000,453,960 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 23:00:00 | 000,076,138 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 09:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002/04/12 05:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/03 13:50:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2001/06/24 17:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[2000/01/31 09:02:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/06/12 09:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe


< MD5 for: AFD.SYS >
[2008/08/14 21:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 20:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/08/14 20:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\drivers\afd.sys
[2004/08/04 23:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/08/14 20:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/08/14 21:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/06/20 21:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008/06/20 22:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 21:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 22:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys

< MD5 for: NETBT.SYS >
[2004/08/03 23:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys

< MD5 for: TCPIP.CHM >
[2004/08/04 23:00:00 | 000,038,234 | ---- | M] () MD5=11F1003A66472DBCBD02A54E9CB4163C -- C:\WINDOWS\Help\tcpip.chm

< MD5 for: TCPIP.REG >
[2011/11/03 13:53:08 | 000,006,711 | ---- | M] () MD5=7034F2F748482DF2FA5891FD32E25FA2 -- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

< MD5 for: TCPIP.SYS >
[2006/04/20 22:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 21:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 21:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 21:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2007/10/31 03:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 21:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/31 04:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/06/20 22:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004/08/04 23:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/06/20 22:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 23:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 7
"ImagePath" = system32\DRIVERS\netbt.sys
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7B71D777-3E7C-437E-9951-B3342B491596}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A548FF27-20EA-45E9-AFB2-E90E7C7107E6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E3942B7C-3904-4A4E-B910-A5526B1EA5D3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FCF6B41D-887C-42D3-BA96-8B88691E6328}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FDC32D90-9958-4567-8F7A-88475FABCAC0}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
"INITSTARTFAILED" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 23:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 23:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U /s >

< End of report >
  • 0

#55
Essexboy
Posted 05 November 2011 - 09:06 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK netbt is not in the right place - so lets fix that first


< MD5 for: NETBT.SYS >
[2004/08/03 23:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 7
"ImagePath" = system32\DRIVERS\netbt.sys


Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\WINDOWS\System32\drivers\netbt.sys|C:\WINDOWS\system32\dllcache\netbt.sys /replace


    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements

#56
WhiteLight
Posted 05 November 2011 - 09:13 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
========== FILES ==========
File C:\WINDOWS\System32\drivers\netbt.sys successfully replaced with C:\WINDOWS\system32\dllcache\netbt.sys
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 11052011_140810

I restarted and we have CONNECTION TO THE INTERNET! You sir are AMAZING!

The PCI memory controller still didn't install correctly even with the internet functioning.

Do you still want quick scan?
  • 0

#57
Essexboy
Posted 05 November 2011 - 09:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope if you could just let me know whats left to resolve :)

Having now used that twice - I think it will move forward to the main part of my armoury
  • 0

#58
WhiteLight
Posted 05 November 2011 - 09:22 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
And what an armoury it is I must say.

The only thing left is the "owner" profile which still has a missing desktop (can't right click it either, and missing My Computer, Control Panel etc from start menu, programs are all there and good. And the task manager says it has been disabled by administrator, even though owner is an admin.
  • 0

#59
WhiteLight
Posted 05 November 2011 - 09:26 AM

WhiteLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
NOD is also still getting error comm with kernal, which was from the zero access rootkit. Should I just uninstall and reinstall it?

EDIT: When I try and remove it it says I verify that you have access to that key, and uninstall fails.

Edited by WhiteLight, 05 November 2011 - 09:49 AM.

  • 0

#60
Essexboy
Posted 05 November 2011 - 09:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That profile is not showing within OTL which is why I believe it is corrupt and will need to be deleted after removing all data.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145


MS has a step by step guide here on how to recover the data from it
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP