My netbook's CPU usage is 100% when idle and it is too slow!


polepole

Hi,
I have an HP Compaq Mini netbook which runs Windows XP Pro SP3. The OS was preinstalled by the manufacturer. It has 1 GB of RAM and a 250 GB HDD. The problem started some 4 months ago, when it started taking around 10 minutes to start up, but once it was on it didn't have any problem. But as of last week it started being very slow in opening all programs, including loading Firefox. I have tried in vain to scan with OTL so that I can post the scan log. It scans up to "scanning module..." and then it doesn't respond at all; I have waited for more than 30 minutes with no response. When I restart OTL it reaches the same point. I have used OTL.exe and OTL.sr, and both of them behave the same.
Please assist me.
Regards.

I have managed to run OTL in safe mode, and these are my logs:

OTL logfile created on: 10/30/2011 11:31:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 798.83 Mb Available Physical Memory | 78.68% Memory free
2.38 Gb Paging File | 2.31 Gb Available in Paging File | 96.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 23.35 Gb Free Space | 33.29% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.15 Gb Free Space | 26.81% Space Free | Partition Type: NTFS
Drive F: | 6.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/07/02 12:16:05 | 000,221,184 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/28 20:46:40 | 000,098,160 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.8
FF - prefs.js..extensions.enabledItems: {c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}:3.5.0.12
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/10/01 21:54:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/21 06:37:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/07/11 18:44:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/07/11 18:44:56 | 000,000,000 | ---D | M]

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/09/28 16:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/01 00:05:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/04 06:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 10:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/10/01 00:05:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2007/08/11 03:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\rmhzb.exe) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/11 10:08:38 | 000,000,058 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{85f7eaa6-01b7-11e0-8fef-0025b3460cb0}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b268e88d-4ffc-11e0-90a3-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{b268e88d-4ffc-11e0-90a3-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b268e88d-4ffc-11e0-90a3-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9d639ea-9435-11df-8ece-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d639ea-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d639ea-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b9d639ec-9435-11df-8ece-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d639ec-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d639ec-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d91a1714-a8e3-11df-8f14-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d91a1714-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d91a1714-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d91a1715-a8e3-11df-8f14-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d91a1715-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d91a1715-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de14c693-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c693-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c693-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de14c694-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c694-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c694-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de14c697-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c697-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c697-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de14c698-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c698-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c698-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e75664ec-f888-11df-8fdd-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{e75664ec-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e75664ec-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e75664ed-f888-11df-8fdd-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{e75664ed-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e75664ed-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee205164-8c9a-11e0-914c-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee205164-8c9a-11e0-914c-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee205164-8c9a-11e0-914c-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f6383d38-3d87-11e0-9064-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f6383d38-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6383d38-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3b-3d87-11e0-9064-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f6383d3b-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6383d3b-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d40-3d87-11e0-9064-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f6383d40-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6383d40-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = G:\xcqf.pif
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = G:\xcqf.pif
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = G:\xcqf.pif
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = G:\xcqf.pif
O33 - MountPoints2\{ff06477a-ac0a-11df-8f20-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff06477a-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff06477a-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff06477d-ac0a-11df-8f20-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff06477d-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff06477d-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[2011/10/09 21:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2011/10/09 21:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZTEMT UI
[2011/10/09 21:22:28 | 000,104,704 | ---- | C] (ZTEMT Incorporated) -- C:\WINDOWS\System32\drivers\CT_ZTEMT_U_USBSER.sys
[2011/10/09 21:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\ZTEMT UI
[2011/10/07 05:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/10/06 23:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Interbank FX
[2011/10/06 21:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/02 11:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Debut
[2011/10/02 11:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/10/02 11:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2011/10/02 11:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/10/02 11:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/10/02 11:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NCH Software
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 23:35:50 | 000,748,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 23:35:50 | 000,252,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/30 23:30:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 23:30:11 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/10/30 22:49:01 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/10/30 22:47:41 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/30 10:48:47 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/10/29 23:48:06 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/29 11:59:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | RHS- | M] () -- C:\boot.ini
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/24 19:03:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 20:46:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2011/10/09 21:23:19 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet Everywhere 3G+.lnk
[2011/10/02 11:57:12 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/10/23 10:43:26 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/10/23 10:43:24 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/10/04 20:46:09 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2011/10/02 11:57:12 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
[2011/10/02 11:57:08 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Debut Video Capture Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/21 06:38:29 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/21 06:38:29 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,748,748 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,252,006 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/28 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2011/10/30 20:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2011/07/20 00:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FXTS2
[2011/08/19 22:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2011/10/22 20:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2011/08/28 07:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JetStart
[2011/10/21 11:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2011/10/30 21:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeraCopy
[2011/10/09 22:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2011/08/08 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/08/19 22:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/08/11 11:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Everywhere 3G+
[2011/09/23 22:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/01/21 23:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/24 07:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/10/10 20:46:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2011/10/30 10:48:47 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/10/30 22:49:01 | 000,001,030 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/10/30 23:30:11 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 10/30/2011 11:31:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 798.83 Mb Available Physical Memory | 78.68% Memory free
2.38 Gb Paging File | 2.31 Gb Available in Paging File | 96.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 23.35 Gb Free Space | 33.29% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.15 Gb Free Space | 26.81% Space Free | Partition Type: NTFS
Drive F: | 6.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Livestation\Livestation.exe" = C:\Program Files\Livestation\Livestation.exe:*:Enabled:Livestation
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\My Documents\Downloads\BitTorrent-7.2.1(1).exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\BitTorrent-7.2.1(1).exe:*:Enabled:BitTorrent
"D:\My Documents\Downloads\BitTorrent-7.2.1(1).exe" = D:\My Documents\Downloads\BitTorrent-7.2.1(1).exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXDD Malta - MetaTrader 4 4.00
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Safaricom Mobile Office
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8B2F4D-9910-4381-B85A-789A7868E5A5}" = Money Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{75D5B2BE-E76C-4C3C-93A7-1C1D74085295}" = IBFX Australia Trader 4 1.2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Safaricom Broadband
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Debut" = Debut Video Capture Software
"DirectFoldersAppID_is1" = Direct Folders
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition
"ExpressFX" = ExpressFX
"FLVCodec" = PlayFLV
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
"Foxit Reader" = Foxit Reader
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"FXCM Micro Trading Station II" = FXCM Micro Trading Station II
"HaaliHaaliReaderCE" = Haali Reader CE 2.0 (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Interbank FX Trader 4" = Interbank FX Trader 4 Build 226
"Internet Download Manager" = Internet Download Manager
"Internet Everywhere 3G+" = Internet Everywhere 3G+
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"OpenAL" = OpenAL
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Safaricom Broadband" = Safaricom Broadband
"Streamster" = Marketiva
"TeraCopy_is1" = TeraCopy 2.12
"UninstEGWhite" = White Estate Software
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Wubi" = Ubuntu
"Zain e-GO" = Zain e-GO
"ZTEWireless-101_is1" = ZTEMT UI

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Autochartist" = IBFX - PRS 3.3.4
"fxTrade Practice" = fxTrade Practice
"GoToMeeting" = GoToMeeting 4.8.0.723
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2011 9:47:18 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6730, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 6/15/2011 5:55:03 PM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.1249.0, faulting module
qdvd.dll, version 6.5.2600.5512, fault address 0x000189ad.

Error - 6/15/2011 6:11:14 PM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.1249.0, faulting module
qdvd.dll, version 6.5.2600.5512, fault address 0x000189ad.

Error - 6/20/2011 3:33:41 PM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/20/2011 3:33:41 PM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 1:10:13 AM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application idman.exe, version 5.19.2.1, faulting module
idman.exe, version 5.19.2.1, fault address 0x00177db9.

Error - 6/21/2011 1:14:26 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/21/2011 1:14:26 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 5:09:59 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/21/2011 5:09:59 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ Application Events ]
Error - 6/15/2011 9:47:18 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6730, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 6/15/2011 5:55:03 PM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.1249.0, faulting module
qdvd.dll, version 6.5.2600.5512, fault address 0x000189ad.

Error - 6/15/2011 6:11:14 PM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.1249.0, faulting module
qdvd.dll, version 6.5.2600.5512, fault address 0x000189ad.

Error - 6/20/2011 3:33:41 PM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/20/2011 3:33:41 PM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 1:10:13 AM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application idman.exe, version 5.19.2.1, faulting module
idman.exe, version 5.19.2.1, fault address 0x00177db9.

Error - 6/21/2011 1:14:26 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/21/2011 1:14:26 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 5:09:59 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/21/2011 5:09:59 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ OSession Events ]
Error - 8/6/2010 3:10:42 AM | Computer Name = COMPUTER_1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20866
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/10/2010 4:03:38 PM | Computer Name = COMPUTER_1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6942
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/30/2011 1:21:50 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 10/30/2011 1:23:15 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/30/2011 1:23:15 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10/30/2011 2:01:54 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the UDisk Monitor service.

Error - 10/30/2011 2:58:48 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the HWDeviceService.exe service.

Error - 10/30/2011 3:17:19 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the HWDeviceService.exe service.

Error - 10/30/2011 3:17:53 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the HWDeviceService.exe service.

Error - 10/30/2011 3:18:23 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the HWDeviceService.exe service.

Error - 10/30/2011 4:31:22 PM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/30/2011 4:32:45 PM | Computer Name = COMPUTER_1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF


< End of report >
I look forward to your assistance.

Edited by polepole, 30 October 2011 - 02:53 PM.

  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,662 posts
  • MVP
Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2010/10/01 00:05:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/04 06:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 10:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Administrator\Application Data\rmhzb.exe) - File not found
O32 - AutoRun File - [2010/07/11 10:08:38 | 000,000,058 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{85f7eaa6-01b7-11e0-8fef-0025b3460cb0}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b268e88d-4ffc-11e0-90a3-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{b268e88d-4ffc-11e0-90a3-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b268e88d-4ffc-11e0-90a3-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9d639ea-9435-11df-8ece-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d639ea-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d639ea-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b9d639ec-9435-11df-8ece-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d639ec-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d639ec-9435-11df-8ece-0025b3460cb0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d91a1714-a8e3-11df-8f14-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d91a1714-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d91a1714-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d91a1715-a8e3-11df-8f14-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d91a1715-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d91a1715-a8e3-11df-8f14-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de14c693-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c693-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c693-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de14c694-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c694-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c694-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{de14c697-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c697-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c697-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de14c698-b987-11df-8f4a-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{de14c698-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de14c698-b987-11df-8f4a-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e75664ec-f888-11df-8fdd-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{e75664ec-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e75664ec-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e75664ed-f888-11df-8fdd-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{e75664ed-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e75664ed-f888-11df-8fdd-0025b3460cb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee205164-8c9a-11e0-914c-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee205164-8c9a-11e0-914c-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee205164-8c9a-11e0-914c-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f6383d38-3d87-11e0-9064-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f6383d38-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6383d38-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3b-3d87-11e0-9064-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f6383d3b-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6383d3b-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d3c-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d40-3d87-11e0-9064-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f6383d40-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6383d40-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = G:\xcqf.pif
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = G:\xcqf.pif
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = G:\xcqf.pif
O33 - MountPoints2\{f6383d41-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = G:\xcqf.pif
O33 - MountPoints2\{ff06477a-ac0a-11df-8f20-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff06477a-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff06477a-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff06477d-ac0a-11df-8f20-0025b3460cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff06477d-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff06477d-ac0a-11df-8f20-0025b3460cb0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011/10/10 20:46:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config cisvc start= disabled /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply. I believe there may now be a Report option that you need to click on.


Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.


Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron
  • 0
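
A triage sketch for the O33 MountPoints2 entries listed in the fix script above, added here as an example and not part of RKinner's post or of OTL itself. It groups the entries per volume GUID and flags volumes whose cached autorun command looks abnormal; the extension list and the set of conventional key spellings are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# A small subset of lines copied from the O33 section of the fix script above.
SAMPLE = r'''
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell - "" = AutoRun
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{85f7eaa6-01b7-11e0-8fef-0025b3460cb0}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\autoPlay\COmmAND - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\AutoRun\command - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\expLOre\ComMAnd - "" = F:\xcqf.pif
O33 - MountPoints2\{f6383d39-3d87-11e0-9064-0025b3460cb0}\Shell\opeN\commaND - "" = F:\xcqf.pif
'''

# O33 - MountPoints2\{volume GUID}\<key path> - "<value name>" = <data>
O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})\\(?P<key>.+?)'
    r' - "(?P<name>[^"]*)" = (?P<data>.*)$'
)

# Assumption: extensions that run code but are unusual for a vendor autorun.
RISKY_EXT = {".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}

# Assumption: spellings a normally written autorun.inf would produce.
CONVENTIONAL = {"Shell", "AutoRun", "Autorun", "AutoPlay", "Autoplay",
                "Command", "Open", "Explore"}
KNOWN = {w.lower() for w in CONVENTIONAL}


def irregular_case(word):
    """True for a known key name written with scrambled case, e.g. 'COmmAND'."""
    if word.lower() not in KNOWN:
        return False
    return word not in CONVENTIONAL and word not in (word.lower(), word.upper())


def command_target(data):
    """Return the executable path from a command value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(" /", 1)[0].strip()


def triage(text):
    """Map each volume GUID to its cached command targets and triage reasons."""
    volumes = defaultdict(lambda: {"targets": set(), "reasons": set()})
    for line in text.splitlines():
        m = O33.match(line.strip())
        if not m:
            continue  # not an O33 MountPoints2 line
        parts = m["key"].split("\\")
        vol = volumes[m["guid"].lower()]
        if any(irregular_case(p) for p in parts):
            vol["reasons"].add("irregular-case key names")
        # Only ...\Shell\<verb>\command values name something that gets executed.
        if len(parts) == 3 and parts[2].lower() == "command":
            target = command_target(m["data"])
            vol["targets"].add(target)
            if PureWindowsPath(target).suffix.lower() in RISKY_EXT:
                vol["reasons"].add("risky extension")
            # open/explore replace what double-click and Explore do on the drive.
            if parts[1].lower() in ("open", "explore"):
                vol["reasons"].add("overrides open/explore verb")
    return dict(volumes)


def flagged(text):
    """Volumes with at least one reason, as (guid, targets, reasons) tuples."""
    return sorted(
        (guid, sorted(v["targets"]), sorted(v["reasons"]))
        for guid, v in triage(text).items() if v["reasons"]
    )


if __name__ == "__main__":
    for guid, targets, reasons in flagged(SAMPLE):
        print(guid, targets, reasons)
```

An empty reasons set only means none of these three heuristics fired; the fix script above lists every cached MountPoints2 entry, flagged or not.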

#3
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Thanks for your reply.
Can I run them in safe mode, because in normal mode my netbook is too slow?
Thanks
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,662 posts
  • MVP
Safe Mode with Networking should work OK.

Ron
  • 0

#5
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I will run all that after work. thanks
  • 0

#6
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
I have run the flash_Disinfector and the Auto Run Eater v2.5. I have also run the OTL as you had instructed and this is its log

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
C:\Program Files\Internet Download Manager\IDMIECC.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Program Files\Freecorder\prxtbFre0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
C:\Program Files\BitTorrentBar\prxtbBit0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0012232c-c051-11e0-9198-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0012232c-c051-11e0-9198-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0012232c-c051-11e0-9198-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0012232c-c051-11e0-9198-0025560dd663}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01af4330-fbe5-11df-8fe3-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0625880c-9808-11df-8edf-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0625880c-9808-11df-8edf-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0625880c-9808-11df-8edf-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0625880c-9808-11df-8edf-0025b3460cb0}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b12f-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b131-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b131-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b131-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b131-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b134-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b134-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b134-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b134-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b136-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b136-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b136-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b136-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b138-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b138-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b138-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b138-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13a-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13c-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b13e-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b140-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b140-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a89b140-c3e1-11e0-91a2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a89b140-c3e1-11e0-91a2-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c4aef3a-3e64-11e0-9068-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b71612a-ac08-11df-8f1f-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc3c0e4-3e51-11e0-9067-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dc3c0e8-3e51-11e0-9067-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f64528-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f64528-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f64528-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f64528-97a3-11df-8eda-0025b3460cb0}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f6452b-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f6452b-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f6452b-97a3-11df-8eda-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f6452b-97a3-11df-8eda-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a45de9e-c329-11e0-91a1-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a45de9e-c329-11e0-91a1-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a45de9e-c329-11e0-91a1-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a45de9e-c329-11e0-91a1-0025560dd663}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d702c-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d702c-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d702c-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d702c-f40d-11df-8fd0-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d7030-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d7030-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d7030-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d7030-f40d-11df-8fd0-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d7031-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d7031-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672d7031-f40d-11df-8fd0-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672d7031-f40d-11df-8fd0-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f4164e-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f4164e-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f4164e-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f4164e-6547-11e0-90e2-0025560dd663}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f4164f-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f4164f-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f4164f-6547-11e0-90e2-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f4164f-6547-11e0-90e2-0025560dd663}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85f7eaa6-01b7-11e0-8fef-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85f7eaa6-01b7-11e0-8fef-0025b3460cb0}\ not found.
File G:\PMBP_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93440f45-7d21-11e0-911e-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93440f45-7d21-11e0-911e-0025b3460cb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93440f45-7d21-11e0-911e-0025b3460cb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93440f45-7d21-11e0-911e-0025b3460cb0}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7c013a6-c2c5-11e0-919f-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7c013a6-c2c5-11e0-919f-0025560dd663}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c013a6-c2c5-11e0-919f-0025560dd663}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7c013a6-c2c5-11e0-919f-0025560dd663}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c013a7-c2c5-11e0-919f-0025560dd663}\ deleted successfully.
C:\WINDOWS\Tasks\debutShakeIcon.job moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< sc config cisvc start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11042011_204114
#7
RKinner
The first step worked anyway. Waiting on the other logs.
#8
polepole
Hi
I have run the MBAM and ComboFix and these are their logs, although the MBAM didn't find any malware.

mbam log

08:02:10 Administrator MESSAGE Scheduled update executed successfully
08:07:52 Administrator MESSAGE Protection started successfully
08:08:45 Administrator ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
08:09:28 Administrator MESSAGE Database updated successfully
22:59:11 Administrator MESSAGE Protection started successfully
23:00:00 Administrator ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87



combofix log

ComboFix 11-11-04.04 - Administrator 11/05/2011 0:40.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.789 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\idmhelper.js
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\idmhelper2.js
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\Administrator\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:40 . 2011-08-31 14:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 18:40 . 2011-11-04 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-04 17:41 . 2011-11-04 17:41 -------- d-----w- C:\_OTL
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\program files\Autorun Eater
2011-10-31 17:44 . 2011-10-31 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-10-31 17:35 . 2011-10-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-29 15:44 . 2010-11-09 11:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-10-29 15:43 . 2010-11-09 11:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-29 15:40 . 2011-10-30 08:17 -------- d-----w- C:\VIPRERESCUE
2011-10-28 07:10 . 2011-10-28 13:14 -------- d-----w- C:\ubuntu
2011-10-23 07:42 . 2011-10-23 07:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook
2011-10-09 18:36 . 2011-10-09 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\ZTEEVDO
2011-10-09 18:22 . 2009-11-25 11:51 104704 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2011-10-09 18:22 . 2011-10-09 18:22 -------- d-----w- c:\program files\ZTEMT UI
2011-10-06 18:28 . 2011-10-06 18:28 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 07:53 . 2011-08-11 08:30 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-08-11 07:53 . 2011-08-11 08:30 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-08-11 07:53 . 2011-08-11 08:30 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-08-11 07:53 . 2011-08-11 08:30 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-08-11 07:53 . 2011-08-11 08:30 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-08-11 07:53 . 2011-08-11 08:30 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2011-08-11 07:53 . 2011-08-11 08:30 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-08-11 07:53 . 2011-08-11 08:30 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-08-11 07:53 . 2011-08-06 17:54 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-08-11 07:53 . 2011-08-11 08:30 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-11 07:53 . 2011-08-11 08:30 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-11 07:53 . 2011-08-11 08:30 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-11 07:53 . 2011-08-06 17:54 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-08-11 07:53 . 2011-08-06 17:54 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll
.
[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\usp10.dll
[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\system32\dllcache\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[7] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-13 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll
.
[7] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[7] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2008-04-13 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[7] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2008-04-13 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[7] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2008-04-13 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2010-07-03 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[7] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[7] 2008-04-13 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2008-04-13 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[7] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2008-04-13 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[7] 2008-04-13 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2008-04-13 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[7] 2008-04-13 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2008-04-13 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[7] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[7] 2008-04-13 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[7] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-14 05:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[7] 2008-04-14 05:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[7] 2008-04-13 22:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
.
[7] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2008-04-13 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[7] 2008-04-13 22:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[7] 2008-04-13 22:42 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[7] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[7] 2008-04-13 22:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2008-04-13 22:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[7] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[7] 2008-04-13 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[7] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2008-04-13 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[7] 2008-04-13 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2008-04-13 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[7] 2008-04-13 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2008-04-13 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[7] 2008-04-13 22:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2008-04-13 22:42 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[7] 2008-04-13 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2008-04-13 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[7] 2008-04-13 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2008-04-13 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
.
.
[7] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
[7] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2008-04-13 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[7] 2008-04-13 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2008-04-13 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[7] 2008-04-13 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[7] 2008-04-13 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[7] 2008-04-13 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2008-04-13 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[7] 2008-04-13 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[7] 2008-04-13 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-07-02 458752]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-07-02 741376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-02 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-02 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-11 273544]
"autodetect"="c:\program files\Safaricom Broadband\AutoDect.exe" [2010-05-26 128864]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-24 352976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autochartist]
2011-01-25 19:10 4916560 ----a-w- c:\program files\Autochartist\autochartist_interbankfx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-13 16:06 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-04-29 10:49 3220912 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 21:18 65216 ------w- c:\program files\WordWeb\wweb32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\My Documents\\Downloads\\BitTorrent-7.2.1(1).exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/29/2011 6:43 PM 98392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [8/11/2011 11:30 AM 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/15/2010 3:56 PM 39424]
S1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [4/25/2011 6:41 PM 98160]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/17/2010 10:17 PM 113664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/6/2010 8:58 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/6/2010 8:58 AM 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [8/11/2011 11:30 AM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/11/2011 11:30 AM 235392]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/4/2011 9:40 PM 22216]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 16:06]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-13 16:06]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
TCP: Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2111809&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVfree Customized Web Search
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-Livestation - c:\program files\Livestation\Livestation.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 01:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-2077806209-515967899-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,da,6a,0e,83,a7,18,46,b4,e7,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,da,6a,0e,83,a7,18,46,b4,e7,e1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):41,d8,c1,08,f2,7c,fb,61,28,c3,e4,fd,07,8a,ea,96,e5,a8,ff,0b,62,
52,7a,6e,84,8f,cb,ed,ac,52,32,7b,d4,d4,24,52,e0,c4,70,45,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):77,bb,8d,86,c9,f2,15,53,1d,d6,d5,83,1b,ab,0d,53,98,60,55,26,38,
b0,09,78,85,d3,58,67,7e,84,12,1f,3b,24,d7,cd,62,a1,e5,83,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cacef07c-182a-4b92-941e-4bc52e0e5aca}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008e
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fad7e09b-f099-4c45-89bc-3b29bdabf179}]
@Denied: (Full) (Everyone)
"Model"=dword:00000112
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,9b,4c,c0,c8,c5,f9,b5,7b,83,e0,8b,c5,07,bb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1632)
c:\documents and settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe
c:\documents and settings\All Users\Application Data\Internet Everywhere 3G+\OnlineUpdate\ouc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\ZTEMT UI\bin\MonServiceUDisk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Autorun Eater\billy.exe
.
**************************************************************************
.
Completion time: 2011-11-05 06:03:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 02:46
.
Pre-Run: 24,791,007,232 bytes free
Post-Run: 25,208,881,152 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 93E12B330105123198E62A3DF409A00B

#9
RKinner

    Malware Expert

  • Expert
  • 20,662 posts
  • MVP
MBAM didn't work. Perhaps the Kaspersky firewall got in the way.

Uninstall Internet Download Manager.

Were you able to run TDSSKiller and aswMBR?


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. Wait a minute for things to settle down then File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron

#10
polepole

    Member

  • Topic Starter
  • Member
  • 102 posts
I have run the TDSSKiller and the aswMBR and these are the logs. The fix button of the asw was enabled.

TDSSKiller log

07:07:18.0218 1460 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
07:07:19.0359 1460 ============================================================
07:07:19.0375 1460 Current date / time: 2011/11/05 07:07:19.0359
07:07:19.0375 1460 SystemInfo:
07:07:19.0375 1460
07:07:19.0390 1460 OS Version: 5.1.2600 ServicePack: 3.0
07:07:19.0390 1460 Product type: Workstation
07:07:19.0406 1460 ComputerName: COMPUTER_1
07:07:19.0406 1460 UserName: Administrator
07:07:19.0406 1460 Windows directory: C:\WINDOWS
07:07:19.0406 1460 System windows directory: C:\WINDOWS
07:07:19.0406 1460 Processor architecture: Intel x86
07:07:19.0421 1460 Number of processors: 2
07:07:19.0421 1460 Page size: 0x1000
07:07:19.0421 1460 Boot type: Safe boot with network
07:07:19.0421 1460 ============================================================
07:07:26.0812 1460 Initialize success
07:07:47.0906 1764 ============================================================
07:07:47.0906 1764 Scan started
07:07:47.0906 1764 Mode: Manual;
07:07:47.0906 1764 ============================================================
07:08:32.0296 1764 L1c - ok
07:08:32.0812 1764 lbrtfdc - ok
07:08:33.0140 1764 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
07:08:33.0140 1764 MBAMProtector - ok
07:08:33.0578 1764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:08:33.0578 1764 mnmdd - ok
07:08:34.0281 1764 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:08:34.0296 1764 Modem - ok
07:08:34.0671 1764 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:08:34.0718 1764 Mouclass - ok
07:08:34.0937 1764 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:08:34.0937 1764 mouhid - ok
07:08:35.0125 1764 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:08:35.0140 1764 MountMgr - ok
07:08:35.0593 1764 mraid35x - ok
07:08:35.0937 1764 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:08:36.0000 1764 MRxDAV - ok
07:08:36.0328 1764 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:08:36.0343 1764 MRxSmb - ok
07:08:36.0687 1764 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:08:36.0687 1764 Msfs - ok
07:08:37.0140 1764 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:08:37.0140 1764 MSKSSRV - ok
07:08:37.0468 1764 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:08:37.0468 1764 MSPCLOCK - ok
07:08:38.0062 1764 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:08:38.0062 1764 MSPQM - ok
07:08:38.0484 1764 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:08:38.0500 1764 mssmbios - ok
07:08:39.0062 1764 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
07:08:39.0109 1764 MSTEE - ok
07:08:39.0343 1764 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
07:08:39.0359 1764 Mup - ok
07:08:39.0578 1764 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:08:39.0593 1764 NABTSFEC - ok
07:08:39.0890 1764 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:08:40.0015 1764 NDIS - ok
07:08:40.0250 1764 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:08:40.0265 1764 NdisIP - ok
07:08:40.0468 1764 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:08:40.0468 1764 NdisTapi - ok
07:08:40.0671 1764 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:08:40.0718 1764 Ndisuio - ok
07:08:41.0093 1764 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:08:41.0109 1764 NdisWan - ok
07:08:41.0359 1764 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
07:08:41.0359 1764 NDProxy - ok
07:08:41.0906 1764 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:08:41.0937 1764 NetBIOS - ok
07:08:42.0375 1764 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:08:42.0406 1764 NetBT - ok
07:08:43.0062 1764 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
07:08:43.0062 1764 nm - ok
07:08:43.0265 1764 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
07:08:43.0296 1764 NPF - ok
07:08:43.0515 1764 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:08:43.0531 1764 Npfs - ok
07:08:44.0000 1764 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:08:44.0109 1764 Ntfs - ok
07:08:44.0750 1764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:08:44.0781 1764 Null - ok
07:08:45.0031 1764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:08:45.0046 1764 NwlnkFlt - ok
07:08:45.0250 1764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:08:45.0250 1764 NwlnkFwd - ok
07:08:45.0921 1764 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
07:08:45.0921 1764 Parport - ok
07:08:46.0125 1764 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:08:46.0125 1764 PartMgr - ok
07:08:46.0359 1764 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:08:46.0359 1764 ParVdm - ok
07:08:46.0843 1764 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:08:46.0859 1764 PCI - ok
07:08:47.0453 1764 PCIDump - ok
07:08:47.0781 1764 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:08:47.0781 1764 PCIIde - ok
07:08:48.0406 1764 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:08:48.0421 1764 Pcmcia - ok
07:08:48.0734 1764 PDCOMP - ok
07:08:48.0937 1764 PDFRAME - ok
07:08:49.0109 1764 PDRELI - ok
07:08:49.0609 1764 PDRFRAME - ok
07:08:50.0000 1764 perc2 - ok
07:08:50.0578 1764 perc2hib - ok
07:08:51.0078 1764 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:08:51.0093 1764 PptpMiniport - ok
07:08:51.0640 1764 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:08:51.0671 1764 PSched - ok
07:08:51.0843 1764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:08:51.0859 1764 Ptilink - ok
07:08:52.0093 1764 ql1080 - ok
07:08:52.0296 1764 Ql10wnt - ok
07:08:52.0421 1764 ql12160 - ok
07:08:52.0562 1764 ql1240 - ok
07:08:52.0765 1764 ql1280 - ok
07:08:52.0953 1764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:08:52.0953 1764 RasAcd - ok
07:08:53.0265 1764 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:08:53.0265 1764 Rasl2tp - ok
07:08:54.0093 1764 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:08:54.0109 1764 RasPppoe - ok
07:08:54.0343 1764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:08:54.0343 1764 Raspti - ok
07:08:54.0625 1764 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:08:54.0656 1764 Rdbss - ok
07:08:54.0828 1764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:08:54.0843 1764 RDPCDD - ok
07:08:55.0156 1764 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:08:55.0187 1764 rdpdr - ok
07:08:55.0484 1764 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
07:08:55.0500 1764 RDPWD - ok
07:08:56.0093 1764 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:08:56.0109 1764 redbook - ok
07:08:57.0312 1764 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
07:08:57.0578 1764 SBRE - ok
07:08:58.0343 1764 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:08:58.0359 1764 Secdrv - ok
07:08:58.0765 1764 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
07:08:58.0765 1764 Serial - ok
07:08:59.0281 1764 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:08:59.0281 1764 Sfloppy - ok
07:09:00.0000 1764 Simbad - ok
07:09:00.0250 1764 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:09:00.0250 1764 SLIP - ok
07:09:00.0859 1764 Sparrow - ok
07:09:01.0328 1764 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:09:01.0328 1764 splitter - ok
07:09:01.0750 1764 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:09:01.0765 1764 sr - ok
07:09:02.0015 1764 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
07:09:02.0125 1764 Srv - ok
07:09:02.0687 1764 STHDA (4f500b19d3e5e7d0ffb4488e404a95b4) C:\WINDOWS\system32\drivers\sthda.sys
07:09:02.0859 1764 STHDA - ok
07:09:03.0359 1764 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:09:03.0375 1764 streamip - ok
07:09:03.0875 1764 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:09:03.0890 1764 swenum - ok
07:09:04.0250 1764 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:09:04.0265 1764 swmidi - ok
07:09:04.0484 1764 symc810 - ok
07:09:04.0703 1764 symc8xx - ok
07:09:05.0078 1764 sym_hi - ok
07:09:05.0265 1764 sym_u3 - ok
07:09:06.0015 1764 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:09:06.0093 1764 sysaudio - ok
07:09:06.0546 1764 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
07:09:06.0656 1764 taphss - ok
07:09:06.0953 1764 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:09:06.0968 1764 Tcpip - ok
07:09:07.0234 1764 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:09:07.0250 1764 TDPIPE - ok
07:09:07.0484 1764 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:09:07.0484 1764 TDTCP - ok
07:09:08.0031 1764 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:09:08.0031 1764 TermDD - ok
07:09:09.0640 1764 TosIde - ok
07:09:10.0296 1764 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:09:10.0296 1764 Udfs - ok
07:09:10.0718 1764 ultra - ok
07:09:11.0125 1764 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:09:11.0359 1764 Update - ok
07:09:12.0171 1764 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
07:09:12.0234 1764 usbaudio - ok
07:09:12.0562 1764 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:09:12.0562 1764 usbccgp - ok
07:09:12.0812 1764 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:09:12.0843 1764 usbehci - ok
07:09:13.0125 1764 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:09:13.0125 1764 usbhub - ok
07:09:13.0640 1764 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:09:13.0656 1764 usbprint - ok
07:09:14.0187 1764 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:09:14.0203 1764 usbscan - ok
07:09:14.0468 1764 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:09:14.0500 1764 usbstor - ok
07:09:14.0750 1764 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:09:14.0750 1764 usbuhci - ok
07:09:15.0000 1764 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
07:09:15.0000 1764 usbvideo - ok
07:09:15.0281 1764 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
07:09:15.0281 1764 usb_rndisx - ok
07:09:15.0546 1764 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:09:15.0546 1764 VgaSave - ok
07:09:15.0687 1764 ViaIde - ok
07:09:15.0921 1764 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:09:15.0921 1764 VolSnap - ok
07:09:16.0375 1764 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:09:16.0421 1764 Wanarp - ok
07:09:16.0859 1764 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
07:09:16.0953 1764 Wdf01000 - ok
07:09:17.0734 1764 WDICA - ok
07:09:18.0156 1764 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:09:18.0171 1764 wdmaud - ok
07:09:18.0796 1764 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:09:18.0812 1764 WmiAcpi - ok
07:09:20.0625 1764 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:09:20.0625 1764 WSTCODEC - ok
07:09:21.0500 1764 ztemtusbser (33a5e7628230636e718f2504b8f3d02a) C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
07:09:21.0500 1764 ztemtusbser - ok
07:09:21.0703 1764 ZTEusbmdm6k (51f209472b8c09f7f7419c01ca8586f9) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
07:09:21.0718 1764 ZTEusbmdm6k - ok
07:09:21.0953 1764 ZTEusbnmea (51f209472b8c09f7f7419c01ca8586f9) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
07:09:21.0968 1764 ZTEusbnmea - ok
07:09:22.0218 1764 ZTEusbser6k (51f209472b8c09f7f7419c01ca8586f9) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
07:09:22.0218 1764 ZTEusbser6k - ok
07:09:23.0140 1764 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:09:23.0343 1764 \Device\Harddisk0\DR0 - ok
07:09:23.0359 1764 Boot (0x1200) (5c36b032e94734a10af208482e8a2f6b) \Device\Harddisk0\DR0\Partition0
07:09:23.0531 1764 \Device\Harddisk0\DR0\Partition0 - ok
07:09:23.0625 1764 Boot (0x1200) (eb8ee7af1e928178219a3f9585fbf945) \Device\Harddisk0\DR0\Partition1
07:09:23.0640 1764 \Device\Harddisk0\DR0\Partition1 - ok
07:09:23.0640 1764 ============================================================
07:09:23.0640 1764 Scan finished
07:09:23.0640 1764 ============================================================
07:09:23.0687 1152 Detected object count: 0
07:09:23.0687 1152 Actual detected object count: 0
07:09:55.0968 1448 Deinitialize success


aswMBR log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 07:20:54
-----------------------------
07:20:54.906 OS Version: Windows 5.1.2600 Service Pack 3
07:20:54.906 Number of processors: 2 586 0x1C02
07:20:54.906 ComputerName: COMPUTER_1 UserName:
07:20:59.578 Initialize success
07:46:44.906 AVAST engine defs: 11110500
08:03:42.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:03:42.609 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
08:03:42.890 Disk 0 MBR read successfully
08:03:42.921 Disk 0 MBR scan
08:03:42.984 Disk 0 Windows XP default MBR code
08:03:43.015 Disk 0 scanning sectors +312576705
08:03:43.109 Disk 0 scanning C:\WINDOWS\system32\drivers
08:04:48.625 Service scanning
08:04:55.640 Modules scanning
08:05:02.656 AVAST engine scan C:\WINDOWS
08:05:13.265 File: C:\WINDOWS\sttray.exe **INFECTED** Win32:Vitro
08:05:21.734 AVAST engine scan C:\WINDOWS\system32
08:05:38.312 File: C:\WINDOWS\system32\AESTFltr.exe **INFECTED** Win32:Vitro
08:08:56.093 File: C:\WINDOWS\system32\igfxext.exe **INFECTED** Win32:Vitro
08:09:12.453 File: C:\WINDOWS\system32\igfxsrvc.exe **INFECTED** Win32:Vitro
08:22:52.328 File: C:\WINDOWS\system32\stacsv.exe **INFECTED** Win32:Vitro
08:24:23.093 AVAST engine scan C:\WINDOWS\system32\drivers
08:24:45.218 AVAST engine scan C:\Documents and Settings\Administrator
08:30:51.906 AVAST engine scan C:\Documents and Settings\All Users
08:36:39.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
08:36:39.406 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#11
polepole
Hi, this is the OTL scan.

OTL logfile created on: 11/5/2011 8:45:46 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 602.54 Mb Available Physical Memory | 59.35% Memory free
2.38 Gb Paging File | 2.14 Gb Available in Paging File | 89.74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 23.39 Gb Free Space | 33.35% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.15 Gb Free Space | 26.81% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/10/01 21:54:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 03:43:48 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}\components\RadioWMPCoreGecko7.dll
MOD - [2011/10/01 21:54:22 | 001,833,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/07/02 12:16:05 | 000,221,184 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/28 20:46:40 | 000,098,160 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/10/01 21:54:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/21 06:37:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/04 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/10/01 00:05:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/05 08:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 21:30:23 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[2011/10/09 21:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2011/10/09 21:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZTEMT UI
[2011/10/09 21:22:28 | 000,104,704 | ---- | C] (ZTEMT Incorporated) -- C:\WINDOWS\System32\drivers\CT_ZTEMT_U_USBSER.sys
[2011/10/09 21:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\ZTEMT UI
[2011/10/07 05:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/10/06 23:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Interbank FX
[2011/10/06 21:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/05 08:36:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 07:00:41 | 000,764,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/05 07:00:41 | 000,260,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 06:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/05 06:52:25 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/05 04:47:05 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:38:31 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:36:09 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/11/04 07:47:43 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe
[2011/11/03 17:42:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/01 23:48:15 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/29 11:59:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/09 21:23:19 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet Everywhere 3G+.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/11/04 07:47:42 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/21 06:38:29 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/21 06:38:29 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,764,870 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,260,786 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


The second OTL scan log:

OTL Extras logfile created on: 11/5/2011 8:45:46 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 602.54 Mb Available Physical Memory | 59.35% Memory free
2.38 Gb Paging File | 2.14 Gb Available in Paging File | 89.74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 23.39 Gb Free Space | 33.35% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.15 Gb Free Space | 26.81% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\My Documents\Downloads\BitTorrent-7.2.1(1).exe" = D:\My Documents\Downloads\BitTorrent-7.2.1(1).exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = FXDD Malta - MetaTrader 4 4.00
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Safaricom Mobile Office
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8B2F4D-9910-4381-B85A-789A7868E5A5}" = Money Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{75D5B2BE-E76C-4C3C-93A7-1C1D74085295}" = IBFX Australia Trader 4 1.2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Safaricom Broadband
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autorun Eater_is1" = Autorun Eater v2.5
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Debut" = Debut Video Capture Software
"DirectFoldersAppID_is1" = Direct Folders
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition
"ExpressFX" = ExpressFX
"FLVCodec" = PlayFLV
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
"Foxit Reader" = Foxit Reader
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"FXCM Micro Trading Station II" = FXCM Micro Trading Station II
"HaaliHaaliReaderCE" = Haali Reader CE 2.0 (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Interbank FX Trader 4" = Interbank FX Trader 4 Build 226
"Internet Everywhere 3G+" = Internet Everywhere 3G+
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"OpenAL" = OpenAL
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Safaricom Broadband" = Safaricom Broadband
"Streamster" = Marketiva
"TeraCopy_is1" = TeraCopy 2.12
"UninstEGWhite" = White Estate Software
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Wubi" = Ubuntu
"Zain e-GO" = Zain e-GO
"ZTEWireless-101_is1" = ZTEMT UI

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Autochartist" = IBFX - PRS 3.3.4
"fxTrade Practice" = fxTrade Practice
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2011 9:47:18 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6730, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 6/15/2011 5:55:03 PM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.1249.0, faulting module
qdvd.dll, version 6.5.2600.5512, fault address 0x000189ad.

Error - 6/15/2011 6:11:14 PM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.3.1249.0, faulting module
qdvd.dll, version 6.5.2600.5512, fault address 0x000189ad.

Error - 6/20/2011 3:33:41 PM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/20/2011 3:33:41 PM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 1:10:13 AM | Computer Name = COMPUTER_1 | Source = Application Error | ID = 1000
Description = Faulting application idman.exe, version 5.19.2.1, faulting module
idman.exe, version 5.19.2.1, fault address 0x00177db9.

Error - 6/21/2011 1:14:26 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/21/2011 1:14:26 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 6/21/2011 5:09:59 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 6/21/2011 5:09:59 AM | Computer Name = COMPUTER_1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ OSession Events ]
Error - 8/6/2010 3:10:42 AM | Computer Name = COMPUTER_1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20866
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/10/2010 4:03:38 PM | Computer Name = COMPUTER_1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6942
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/5/2011 12:05:55 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 12:10:01 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 12:13:25 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 12:17:17 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 1:36:39 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 1:41:24 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 1:49:50 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 1:50:24 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 1:51:39 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/5/2011 2:21:45 AM | Computer Name = COMPUTER_1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
  • 0

#12
RKinner


    Malware Expert

  • Expert
  • 20,662 posts
  • MVP
If the Fix button is available on aswMBR then go back in and run the scan again this time change the a-v scan to c:\ before you start the scan. It will take longer but it will look at more files. When it finishes let it Fix it. Then run aswMBR again and post both logs. (I think it just tacks the new log at the bottom of the old one.)

You may need to reinstall the intel chipset utility again after the fix and possibly a sound driver.

I should warn you that this VITRO virus is another name for Virut. Virut is such a nasty virus that we usually just call for a reformat and reinstall. Perhaps Kaspersky has held it to just a few files.

If the PC survives the fix (boots OK) then see if you can get ESET to work:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Ron
  • 0

#13
polepole


    Member

  • Topic Starter
  • Member
  • 102 posts
Hi
I uninstalled the IDM and have run the explorer and this is the log

Process | PID | CPU | Private Bytes | Working Set | Description | Company Name
csrss.exe | 1520 | | 1,568 K | 3,636 K | Client Server Runtime Process | Microsoft Corporation
explorer.exe | 1976 | | 19,040 K | 26,656 K | Windows Explorer | Microsoft Corporation
firefox.exe | 940 | | 137,180 K | 143,228 K | Firefox | Mozilla Corporation
lsass.exe | 1600 | | 2,152 K | 1,132 K | LSA Shell (Export Version) | Microsoft Corporation
smss.exe | 1468 | | 164 K | 372 K | Windows NT Session Manager | Microsoft Corporation
svchost.exe | 248 | | 1,476 K | 3,652 K | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 380 | | 1,016 K | 2,848 K | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 1768 | | 2,836 K | 4,616 K | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 1852 | | 1,604 K | 4,044 K | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 228 | | 9,488 K | 14,056 K | Generic Host Process for Win32 Services | Microsoft Corporation
System | 4 | | 0 K | 228 K | |
winlogon.exe | 1544 | | 4,424 K | 1,336 K | Windows NT Logon Application | Microsoft Corporation
wmiprvse.exe | 1220 | | 2,204 K | 4,628 K | WMI | Microsoft Corporation
Interrupts | n/a | < 0.01 | 0 K | 0 K | Hardware Interrupts and DPCs |
procexp.exe | 832 | 0.78 | 9,696 K | 13,736 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com
System Idle Process | 0 | 6.25 | 0 K | 16 K | |
services.exe | 1588 | 92.97 | 2,080 K | 4,688 K | Services and Controller app | Microsoft Corporation
  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 20,662 posts
  • MVP
Run Process Explorer and hover over the services.exe and see if you can figure out what is taking up so much CPU.
  • 0

#15
polepole


    Member

  • Topic Starter
  • Member
  • 102 posts
You mean I run the Process Explorer over and over again?
  • 0





