Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

destop and start menu vanished

Started by wysiwyg2008 , Nov 22 2011 11:47 AM

Please log in to reply

#1
wysiwyg2008

Posted 22 November 2011 - 11:47 AM

Member

Member
43 posts

Sorry posted this in the wrong forum before.

Hello,

I think I got infected with a trojan last night. The java icon suddenly appeared by the clock when visiting a web page which I assume to be the trojan 'loading'. Suddenly I had about 20 task bar icons all the same saying c drive cannot be read and brought up a suspicious spyware removal tool I havent installed. I managed to close the programme and all the tasks when I suddenly got a warning triangle by the clock and ram usage too high. There was also a suspicious programme running in task manager which started 7OB and various numbers.exe (this seems to have gone now though)

When I have started up my computer again my desktop is now only showing the 4 icons that come with xp, all the others that were on there have been deleted. When I click the start button the list of programmes has also gone. I can still access the internet and all of my installed programmes are still on the drive and work however I have noticed all of my files appear to be hidden even on my external harddrives. Only a few were visible (mostly .exe files). I have turned on view hidden files and they are all still there, and have all been made read only, archived and hidden. Also I tried using the search feature and I can now longer search through just 1 drive, only 'local hard drives'

Is it a trojan or has my registry maybe been corrupted?

Many thanks, Kieran

#2
RKinner

Posted 22 November 2011 - 07:31 PM

Malware Expert

Expert
24,625 posts

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Download, Save and Run unhide.exe and Run As Administrator from

http://download.blee...ide.exeDownload OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
wysiwyg2008

Posted 23 November 2011 - 11:30 AM

Member

Topic Starter
Member
43 posts

Hello, here are all of the results:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8223

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/11/2011 13:22:56
mbam-log-2011-11-23 (13-22-56).txt

Scan type: Quick scan
Objects scanned: 173627
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\7bo9pmnflg7sy5.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\aybcecwccvra.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\godhejibdcd.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\0.9232794219893022df35.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\jar_cache2447174659901916635.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

ComboFix 11-11-23.01 - User 23/11/2011 16:42:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1537 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\User\Application Data\inst.exe
c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\User\Application Data\Toolbar4
c:\documents and settings\User\Application Data\vso_ts_preview.xml
c:\documents and settings\User\Desktop\System Fix.lnk
c:\documents and settings\User\Start Menu\Programs\System Fix
c:\documents and settings\User\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\User\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\User\WINDOWS
c:\windows\system32\Thumbs.db
K:\Autorun.inf
K:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 13:28 . 2011-11-23 13:28 -------- d-----w- C:\VritualRoot
2011-11-23 13:14 . 2011-11-23 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-23 13:14 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 18:08 . 2011-11-02 18:08 -------- d-----w- c:\documents and settings\User\Application Data\Adobe Mini Bridge CS6
2011-11-02 18:08 . 2011-11-02 18:08 -------- d-----w- c:\documents and settings\User\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-02 18:08 . 2011-11-02 18:08 -------- d-----w- c:\documents and settings\All Users\Adobe
2011-11-02 13:28 . 2011-11-02 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-11-01 13:57 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 14:32 . 2011-05-16 14:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-02-03 15:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:48 . 2010-09-10 22:40 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2010-09-10 22:40 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2010-09-10 22:40 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2010-09-10 22:40 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2010-09-10 22:41 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-28 22:54 . 2011-09-28 22:54 947472 ----a-w- c:\windows\system32\msjava.dll
2011-09-28 07:06 . 2008-04-14 04:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2008-04-14 00:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 23:39 . 2011-05-07 16:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-22 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2011-09-28 1039872]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-11-22 16:01 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\p:\0autocheck autochk /p \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 16:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-26 17:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-11-06 16:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 20:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fileshare\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Fileshare\\BitComet\\BitComet.exe"=
"c:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\clones\\Bin\\ClonesGame.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20201:TCP"= 20201:TCP:BitComet 20201 TCP
"20201:UDP"= 20201:UDP:BitComet 20201 UDP
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10/09/2010 22:40 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 22:40 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 22:40 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/08/2009 15:06 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 15:06 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/08/2009 15:48 94880]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [25/08/2011 16:33 29184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [08/06/2010 08:16 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/07/2010 15:57 136176]
S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [19/01/2010 15:47 23936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/07/2010 15:57 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\MemStPCI.SYS [25/08/2011 17:10 26112]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/08/2010 10:21 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/08/2010 10:21 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 20:22 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 15:06 12872]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-11-02 18:15]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 15:57]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 15:57]
.
2011-11-01 c:\windows\Tasks\jucheck.job
- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2009-02-03 04:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: &D&ownload &with BitComet - c:\program files\Fileshare\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\Fileshare\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\Fileshare\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-InternodeUsage - c:\progra~1\INTERN~2\mum.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1343024091-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:85,48,ed,1c,8a,a6,c6,d5,9c,6b,c6,a5,9f,2c,69,67,ec,19,61,7a,21,39,b6,
8e,9d,56,76,0e,56,21,8f,7b,01,61,44,26,b4,36,5d,9d,b1,4e,c8,85,7a,ff,a0,f3,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-220523388-1343024091-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:07,fe,49,58,10,48,c6,3f,b6,45,39,fa,92,cd,f7,c9,d5,24,38,c7,31,
67,63,35,a8,8c,c9,00,d0,5c,4c,cc,de,ee,3d,09,1d,54,5b,18,21,96,de,6c,5e,8f,\
"rkeysecu"=hex:6e,bc,41,99,4a,c0,b2,0b,df,7c,4d,0e,9a,3a,83,5d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(772)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-11-23 17:00:35
ComboFix-quarantined-files.txt 2011-11-23 17:00
.
Pre-Run: 316,312,887,296 bytes free
Post-Run: 317,004,435,456 bytes free
.
- - End Of File - - 6BC715C84CA98C2E3BBF4891B3C7C864

17:05:51.0218 3308 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
17:05:51.0796 3308 ============================================================
17:05:51.0796 3308 Current date / time: 2011/11/23 17:05:51.0796
17:05:51.0796 3308 SystemInfo:
17:05:51.0796 3308
17:05:51.0796 3308 OS Version: 5.1.2600 ServicePack: 3.0
17:05:51.0796 3308 Product type: Workstation
17:05:51.0796 3308 ComputerName: OWNER-D3B0183A0
17:05:51.0796 3308 UserName: User
17:05:51.0796 3308 Windows directory: C:\WINDOWS
17:05:51.0796 3308 System windows directory: C:\WINDOWS
17:05:51.0796 3308 Processor architecture: Intel x86
17:05:51.0796 3308 Number of processors: 2
17:05:51.0796 3308 Page size: 0x1000
17:05:51.0796 3308 Boot type: Normal boot
17:05:51.0796 3308 ============================================================
17:05:55.0203 3308 Initialize success
17:05:57.0500 3536 ============================================================
17:05:57.0500 3536 Scan started
17:05:57.0500 3536 Mode: Manual;
17:05:57.0500 3536 ============================================================
17:05:58.0968 3536 Abiosdsk - ok
17:05:58.0984 3536 abp480n5 - ok
17:05:59.0031 3536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:05:59.0031 3536 ACPI - ok
17:05:59.0062 3536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:05:59.0062 3536 ACPIEC - ok
17:05:59.0078 3536 adpu160m - ok
17:05:59.0109 3536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:05:59.0109 3536 aec - ok
17:05:59.0156 3536 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:05:59.0156 3536 AFD - ok
17:05:59.0171 3536 Aha154x - ok
17:05:59.0171 3536 aic78u2 - ok
17:05:59.0171 3536 aic78xx - ok
17:05:59.0187 3536 AliIde - ok
17:05:59.0187 3536 amsint - ok
17:05:59.0203 3536 asc - ok
17:05:59.0203 3536 asc3350p - ok
17:05:59.0218 3536 asc3550 - ok
17:05:59.0250 3536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:05:59.0250 3536 AsyncMac - ok
17:05:59.0265 3536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:05:59.0265 3536 atapi - ok
17:05:59.0265 3536 Atdisk - ok
17:05:59.0312 3536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:05:59.0312 3536 Atmarpc - ok
17:05:59.0343 3536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:05:59.0343 3536 audstub - ok
17:05:59.0390 3536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:05:59.0390 3536 Beep - ok
17:05:59.0421 3536 catchme - ok
17:05:59.0437 3536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:05:59.0437 3536 cbidf2k - ok
17:05:59.0437 3536 cd20xrnt - ok
17:05:59.0484 3536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:05:59.0484 3536 Cdaudio - ok
17:05:59.0484 3536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:05:59.0484 3536 Cdfs - ok
17:05:59.0500 3536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:05:59.0500 3536 Cdrom - ok
17:05:59.0515 3536 Changer - ok
17:05:59.0546 3536 cmderd (2c12ed35c32f63bfba0b28db384378e6) C:\WINDOWS\system32\DRIVERS\cmderd.sys
17:05:59.0546 3536 cmderd - ok
17:05:59.0578 3536 cmdGuard (be1e51b694cadc4043e428a914ee544e) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
17:05:59.0578 3536 cmdGuard - ok
17:05:59.0593 3536 cmdHlp (f0a78783a95b788856eec1c36d0a1e59) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
17:05:59.0593 3536 cmdHlp - ok
17:05:59.0593 3536 CmdIde - ok
17:05:59.0609 3536 Cpqarray - ok
17:05:59.0625 3536 dac2w2k - ok
17:05:59.0625 3536 dac960nt - ok
17:05:59.0640 3536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:05:59.0640 3536 Disk - ok
17:05:59.0796 3536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:05:59.0796 3536 dmboot - ok
17:05:59.0828 3536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:05:59.0828 3536 dmio - ok
17:05:59.0859 3536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:05:59.0859 3536 dmload - ok
17:05:59.0875 3536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:05:59.0875 3536 DMusic - ok
17:05:59.0875 3536 dpti2o - ok
17:05:59.0906 3536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:05:59.0906 3536 drmkaud - ok
17:05:59.0968 3536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:05:59.0968 3536 Fastfat - ok
17:05:59.0968 3536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:05:59.0968 3536 Fdc - ok
17:06:00.0000 3536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:06:00.0000 3536 Fips - ok
17:06:00.0031 3536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:06:00.0031 3536 Flpydisk - ok
17:06:00.0062 3536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:06:00.0062 3536 FltMgr - ok
17:06:00.0109 3536 FNETTHJM (f01e22d86f5d86819da806c32cd09b3e) C:\WINDOWS\system32\drivers\fnetthjm.sys
17:06:00.0109 3536 FNETTHJM - ok
17:06:00.0109 3536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:00.0109 3536 Fs_Rec - ok
17:06:00.0125 3536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:00.0125 3536 Ftdisk - ok
17:06:00.0140 3536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:06:00.0140 3536 GEARAspiWDM - ok
17:06:00.0156 3536 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
17:06:00.0156 3536 giveio - ok
17:06:00.0171 3536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:00.0171 3536 Gpc - ok
17:06:00.0203 3536 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:00.0203 3536 HDAudBus - ok
17:06:00.0203 3536 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:00.0203 3536 HidUsb - ok
17:06:00.0218 3536 hpn - ok
17:06:00.0250 3536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:00.0250 3536 HTTP - ok
17:06:00.0265 3536 i2omgmt - ok
17:06:00.0265 3536 i2omp - ok
17:06:00.0296 3536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:00.0296 3536 i8042prt - ok
17:06:00.0312 3536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:00.0312 3536 Imapi - ok
17:06:00.0312 3536 ini910u - ok
17:06:00.0343 3536 Inspect (d22ac37cbe6cf295416ef84245b804a8) C:\WINDOWS\system32\DRIVERS\inspect.sys
17:06:00.0343 3536 Inspect - ok
17:06:00.0484 3536 IntcAzAudAddService (053517d1bcadf00bedb21fb7218c8f33) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:06:00.0500 3536 IntcAzAudAddService - ok
17:06:00.0515 3536 IntelIde - ok
17:06:00.0531 3536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:00.0531 3536 intelppm - ok
17:06:00.0546 3536 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:06:00.0562 3536 Ip6Fw - ok
17:06:00.0578 3536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:00.0578 3536 IpFilterDriver - ok
17:06:00.0593 3536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:00.0593 3536 IpInIp - ok
17:06:00.0625 3536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:00.0625 3536 IpNat - ok
17:06:00.0640 3536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:00.0640 3536 IPSec - ok
17:06:00.0671 3536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:00.0671 3536 IRENUM - ok
17:06:00.0687 3536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:00.0687 3536 isapnp - ok
17:06:00.0687 3536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:00.0687 3536 Kbdclass - ok
17:06:00.0718 3536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:06:00.0718 3536 kmixer - ok
17:06:00.0750 3536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:00.0750 3536 KSecDD - ok
17:06:00.0750 3536 lbrtfdc - ok
17:06:00.0796 3536 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
17:06:00.0796 3536 libusb0 - ok
17:06:00.0812 3536 MBAMSwissArmy - ok
17:06:00.0843 3536 MemStPCI (f0f5c4c4bf6018414b066a3600799c77) C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS
17:06:00.0843 3536 MemStPCI - ok
17:06:00.0890 3536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:06:00.0890 3536 mnmdd - ok
17:06:00.0937 3536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:06:00.0937 3536 Modem - ok
17:06:00.0953 3536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:06:00.0953 3536 Mouclass - ok
17:06:00.0984 3536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:06:00.0984 3536 mouhid - ok
17:06:00.0984 3536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:06:00.0984 3536 MountMgr - ok
17:06:01.0000 3536 mraid35x - ok
17:06:01.0031 3536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:06:01.0031 3536 MRxDAV - ok
17:06:01.0062 3536 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:06:01.0062 3536 MRxSmb - ok
17:06:01.0093 3536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:06:01.0093 3536 Msfs - ok
17:06:01.0125 3536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:06:01.0125 3536 MSKSSRV - ok
17:06:01.0140 3536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:06:01.0140 3536 MSPCLOCK - ok
17:06:01.0156 3536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:06:01.0156 3536 MSPQM - ok
17:06:01.0171 3536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:06:01.0171 3536 mssmbios - ok
17:06:01.0187 3536 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:06:01.0187 3536 Mup - ok
17:06:01.0218 3536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:06:01.0218 3536 NDIS - ok
17:06:01.0265 3536 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:06:01.0265 3536 NdisTapi - ok
17:06:01.0281 3536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:06:01.0281 3536 Ndisuio - ok
17:06:01.0296 3536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:06:01.0296 3536 NdisWan - ok
17:06:01.0312 3536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:06:01.0312 3536 NDProxy - ok
17:06:01.0328 3536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:06:01.0328 3536 NetBIOS - ok
17:06:01.0328 3536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:06:01.0328 3536 NetBT - ok
17:06:01.0359 3536 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:06:01.0359 3536 nm - ok
17:06:01.0406 3536 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
17:06:01.0406 3536 nmwcd - ok
17:06:01.0453 3536 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
17:06:01.0453 3536 nmwcdc - ok
17:06:01.0468 3536 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
17:06:01.0468 3536 nmwcdnsu - ok
17:06:01.0500 3536 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
17:06:01.0500 3536 nmwcdnsuc - ok
17:06:01.0531 3536 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
17:06:01.0531 3536 NPF - ok
17:06:01.0531 3536 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:06:01.0531 3536 Npfs - ok
17:06:01.0562 3536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:06:01.0578 3536 Ntfs - ok
17:06:01.0578 3536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:06:01.0578 3536 Null - ok
17:06:01.0781 3536 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:06:01.0796 3536 nv - ok
17:06:01.0843 3536 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
17:06:01.0843 3536 nvatabus - ok
17:06:01.0890 3536 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:06:01.0890 3536 NVENETFD - ok
17:06:01.0921 3536 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:06:01.0921 3536 nvnetbus - ok
17:06:01.0937 3536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:06:01.0937 3536 NwlnkFlt - ok
17:06:01.0953 3536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:06:01.0953 3536 NwlnkFwd - ok
17:06:01.0984 3536 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:06:01.0984 3536 Parport - ok
17:06:02.0000 3536 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:06:02.0000 3536 PartMgr - ok
17:06:02.0031 3536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:06:02.0031 3536 ParVdm - ok
17:06:02.0062 3536 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:06:02.0062 3536 pccsmcfd - ok
17:06:02.0093 3536 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:06:02.0093 3536 PCI - ok
17:06:02.0093 3536 PCIDump - ok
17:06:02.0109 3536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:06:02.0109 3536 PCIIde - ok
17:06:02.0125 3536 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:06:02.0140 3536 Pcmcia - ok
17:06:02.0171 3536 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:06:02.0171 3536 pcouffin - ok
17:06:02.0171 3536 PDCOMP - ok
17:06:02.0187 3536 PDFRAME - ok
17:06:02.0187 3536 PDRELI - ok
17:06:02.0203 3536 PDRFRAME - ok
17:06:02.0203 3536 perc2 - ok
17:06:02.0218 3536 perc2hib - ok
17:06:02.0250 3536 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:06:02.0250 3536 PptpMiniport - ok
17:06:02.0250 3536 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:06:02.0250 3536 PSched - ok
17:06:02.0265 3536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:06:02.0265 3536 Ptilink - ok
17:06:02.0281 3536 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:06:02.0281 3536 PxHelp20 - ok
17:06:02.0296 3536 ql1080 - ok
17:06:02.0296 3536 Ql10wnt - ok
17:06:02.0312 3536 ql12160 - ok
17:06:02.0312 3536 ql1240 - ok
17:06:02.0328 3536 ql1280 - ok
17:06:02.0359 3536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:06:02.0359 3536 RasAcd - ok
17:06:02.0375 3536 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:06:02.0375 3536 Rasl2tp - ok
17:06:02.0375 3536 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:06:02.0390 3536 RasPppoe - ok
17:06:02.0390 3536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:06:02.0390 3536 Raspti - ok
17:06:02.0406 3536 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:06:02.0406 3536 Rdbss - ok
17:06:02.0421 3536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:06:02.0421 3536 RDPCDD - ok
17:06:02.0468 3536 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:06:02.0468 3536 RDPWD - ok
17:06:02.0484 3536 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:06:02.0484 3536 redbook - ok
17:06:02.0640 3536 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:06:02.0640 3536 SASDIFSV - ok
17:06:02.0671 3536 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
17:06:02.0671 3536 SASENUM - ok
17:06:02.0703 3536 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:06:02.0703 3536 SASKUTIL - ok
17:06:02.0750 3536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:06:02.0750 3536 Secdrv - ok
17:06:02.0765 3536 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:06:02.0765 3536 Serial - ok
17:06:02.0796 3536 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:02.0796 3536 Sfloppy - ok
17:06:02.0812 3536 Simbad - ok
17:06:02.0812 3536 Sparrow - ok
17:06:02.0843 3536 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
17:06:02.0843 3536 speedfan - ok
17:06:02.0890 3536 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:06:02.0890 3536 splitter - ok
17:06:02.0921 3536 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:02.0921 3536 sr - ok
17:06:02.0968 3536 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:02.0968 3536 Srv - ok
17:06:02.0984 3536 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:06:02.0984 3536 swenum - ok
17:06:03.0015 3536 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:06:03.0015 3536 swmidi - ok
17:06:03.0031 3536 symc810 - ok
17:06:03.0046 3536 symc8xx - ok
17:06:03.0046 3536 sym_hi - ok
17:06:03.0062 3536 sym_u3 - ok
17:06:03.0093 3536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:06:03.0093 3536 sysaudio - ok
17:06:03.0140 3536 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:06:03.0140 3536 Tcpip - ok
17:06:03.0171 3536 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:06:03.0171 3536 TDPIPE - ok
17:06:03.0187 3536 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:06:03.0187 3536 TDTCP - ok
17:06:03.0187 3536 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:06:03.0187 3536 TermDD - ok
17:06:03.0203 3536 TosIde - ok
17:06:03.0234 3536 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:06:03.0234 3536 Udfs - ok
17:06:03.0250 3536 ultra - ok
17:06:03.0296 3536 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:06:03.0296 3536 Update - ok
17:06:03.0328 3536 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
17:06:03.0328 3536 upperdev - ok
17:06:03.0375 3536 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:06:03.0375 3536 USBAAPL - ok
17:06:03.0421 3536 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:06:03.0421 3536 usbccgp - ok
17:06:03.0437 3536 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:06:03.0437 3536 usbehci - ok
17:06:03.0437 3536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:06:03.0437 3536 usbhub - ok
17:06:03.0453 3536 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:06:03.0453 3536 usbohci - ok
17:06:03.0515 3536 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:06:03.0515 3536 usbprint - ok
17:06:03.0562 3536 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:06:03.0562 3536 usbscan - ok
17:06:03.0593 3536 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
17:06:03.0593 3536 usbser - ok
17:06:03.0640 3536 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
17:06:03.0640 3536 UsbserFilt - ok
17:06:03.0687 3536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:06:03.0687 3536 USBSTOR - ok
17:06:03.0703 3536 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:06:03.0703 3536 VgaSave - ok
17:06:03.0718 3536 ViaIde - ok
17:06:03.0750 3536 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:06:03.0750 3536 VolSnap - ok
17:06:03.0765 3536 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:06:03.0765 3536 Wanarp - ok
17:06:03.0812 3536 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:06:03.0812 3536 Wdf01000 - ok
17:06:03.0828 3536 WDICA - ok
17:06:03.0875 3536 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:06:03.0875 3536 wdmaud - ok
17:06:03.0937 3536 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:06:03.0937 3536 WpdUsb - ok
17:06:03.0984 3536 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:06:03.0984 3536 WudfPf - ok
17:06:04.0015 3536 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:06:04.0015 3536 WudfRd - ok
17:06:04.0046 3536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:06:04.0125 3536 \Device\Harddisk0\DR0 - ok
17:06:04.0125 3536 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
17:06:04.0531 3536 \Device\Harddisk1\DR2 - ok
17:06:04.0562 3536 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk10\DR17
17:06:04.0578 3536 \Device\Harddisk10\DR17 - ok
17:06:04.0578 3536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR7
17:06:04.0578 3536 \Device\Harddisk6\DR7 - ok
17:06:04.0609 3536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk7\DR14
17:06:04.0609 3536 \Device\Harddisk7\DR14 - ok
17:06:04.0625 3536 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk8\DR15
17:06:04.0625 3536 \Device\Harddisk8\DR15 - ok
17:06:04.0640 3536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk9\DR16
17:06:04.0640 3536 \Device\Harddisk9\DR16 - ok
17:06:04.0640 3536 Boot (0x1200) (9eea597aa98ed8268a85799195b6e78a) \Device\Harddisk0\DR0\Partition0
17:06:04.0640 3536 \Device\Harddisk0\DR0\Partition0 - ok
17:06:04.0640 3536 Boot (0x1200) (5996667e2c94e550c7916b398e822b77) \Device\Harddisk1\DR2\Partition0
17:06:04.0640 3536 \Device\Harddisk1\DR2\Partition0 - ok
17:06:04.0640 3536 Boot (0x1200) (b92b6e9c69927ec2516ba1a3a7cfe560) \Device\Harddisk10\DR17\Partition0
17:06:04.0640 3536 \Device\Harddisk10\DR17\Partition0 - ok
17:06:04.0656 3536 Boot (0x1200) (daf56ba80e6f1d78f6e88ffc640d929a) \Device\Harddisk6\DR7\Partition0
17:06:04.0656 3536 \Device\Harddisk6\DR7\Partition0 - ok
17:06:04.0656 3536 Boot (0x1200) (9db1475f184de0bb621e6c8735d9ccc7) \Device\Harddisk7\DR14\Partition0
17:06:04.0656 3536 \Device\Harddisk7\DR14\Partition0 - ok
17:06:04.0656 3536 Boot (0x1200) (8143c56c5795d1b1915e2384411c407c) \Device\Harddisk8\DR15\Partition0
17:06:04.0656 3536 \Device\Harddisk8\DR15\Partition0 - ok
17:06:04.0656 3536 Boot (0x1200) (d888c90ffec77de86e4cc1b1bba006ec) \Device\Harddisk9\DR16\Partition0
17:06:04.0671 3536 \Device\Harddisk9\DR16\Partition0 - ok
17:06:04.0671 3536 ============================================================
17:06:04.0671 3536 Scan finished
17:06:04.0671 3536 ============================================================
17:06:04.0671 1676 Detected object count: 0
17:06:04.0671 1676 Actual detected object count: 0
17:06:23.0671 3188 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-23 17:06:58
-----------------------------
17:06:58.703 OS Version: Windows 5.1.2600 Service Pack 3
17:06:58.703 Number of processors: 2 586 0xF06
17:06:58.703 ComputerName: OWNER-D3B0183A0 UserName: User
17:06:59.687 Initialize success
17:07:31.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
17:07:31.015 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-05 Size: 476940MB BusType: 3
17:07:33.046 Disk 0 MBR read successfully
17:07:33.046 Disk 0 MBR scan
17:07:33.046 Disk 0 Windows XP default MBR code
17:07:33.046 Disk 0 scanning sectors +976752000
17:07:33.093 Disk 0 scanning C:\WINDOWS\system32\drivers
17:07:38.812 Service scanning
17:07:39.921 Modules scanning
17:07:42.781 Scan finished successfully
17:08:02.921 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
17:08:03.375 The log file has been saved successfully to "G:\aswMBR.txt"

OTL logfile created on: 23/11/2011 17:23:00 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.42% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 302.78 Gb Free Space | 65.01% Space Free | Partition Type: NTFS
Drive F: | 233.70 Gb Total Space | 63.43 Gb Free Space | 27.14% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 26.28 Gb Free Space | 8.82% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 69.78 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 381.25 Gb Free Space | 40.93% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 585.87 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 634.78 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: OWNER-D3B0183A0 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 15:23:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/11/11 23:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/11 23:39:32 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/07 17:46:29 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2010/12/11 08:00:00 | 003,704,320 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010/11/07 12:18:14 | 000,552,960 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax
MOD - [2010/11/07 12:17:40 | 000,150,528 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll
MOD - [2010/11/07 12:17:30 | 000,109,568 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\avi.dll
MOD - [2010/11/07 12:13:50 | 000,080,384 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2010/02/05 18:29:26 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/13 11:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 11:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 11:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2008/09/17 22:55:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/14 04:42:04 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/02/25 17:50:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Dvd Creation\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
MOD - [2006/02/25 17:50:16 | 000,023,552 | ---- | M] () -- C:\Program Files\Dvd Creation\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/11/06 20:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

========== Driver Services (SafeList) ==========

DRV - [2011/11/22 16:01:04 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/11/22 16:01:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/11/22 16:01:01 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/07 17:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 17:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 17:47:59 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/12/18 11:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/19 15:47:23 | 000,023,936 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2008/10/15 13:08:53 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/10/15 13:01:54 | 000,026,112 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MemStPCI.SYS -- (MemStPCI) Sony Memory Stick controller (PCI)
DRV - [2008/09/09 18:07:36 | 004,813,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/07 17:11:30 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 20:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/20 10:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/04/14 12:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 15:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 23:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 08:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/04/14 12:49:23 | 000,000,000 | ---D | M]

[2009/07/09 09:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/16 18:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions
[2011/10/02 11:01:25 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/25 08:42:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/31 11:28:51 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/06/22 22:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\Access Privileges Test
[2011/11/11 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DQZLCGD1.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2009/07/08 17:45:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 15:49:31 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/11 23:39:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 22:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 13:36:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 13:36:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 13:36:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/03 13:36:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/29 16:51:36 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/03 13:36:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/23 16:55:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Fileshare\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Fileshare\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECA68C8-B1A8-4964-8563-166D5AB87BEB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 15:30:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/02 15:01:36 | 008,794,999 | ---- | M] () - F:\AutoGordianKnot.2.27.Setup.exe -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\P:)
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 17:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/23 16:39:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/23 16:39:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/23 16:39:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/23 16:39:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/23 16:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/23 16:39:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/23 16:38:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/23 15:23:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/23 13:28:07 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/11/23 13:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 13:14:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/23 13:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 23:02:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2011/11/17 13:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/02 18:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Adobe Mini Bridge CS6
[2011/11/02 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/02 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Adobe
[2011/11/02 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/01 13:57:53 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2010/06/08 08:16:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/23 17:26:39 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/11/23 17:08:46 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/11/23 17:05:13 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/23 17:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/23 16:55:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/23 15:23:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/23 15:04:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 13:27:58 | 000,194,297 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/23 13:26:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/22 20:43:58 | 000,196,896 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/11/22 20:43:52 | 000,177,393 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/11/22 02:03:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
[2011/11/21 22:56:37 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5
[2011/11/20 11:22:15 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/17 13:07:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 15:35:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 23:29:18 | 000,612,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella.bak
[2011/11/14 23:14:55 | 682,202,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\sn0wbreeze_iPhone 4-4.3.3.ipsw
[2011/11/14 14:32:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/09 23:59:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/04 15:49:22 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/11/04 11:38:06 | 004,452,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/02 18:11:11 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2011/11/02 18:09:31 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe BMP Format CS6 Prefs
[2011/11/02 13:12:36 | 000,612,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Copy (3) of HOSTS
[2011/11/01 13:47:47 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[2011/10/30 09:01:46 | 000,458,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 09:01:46 | 000,078,690 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/23 17:08:42 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/11/23 16:50:21 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011/11/23 16:50:21 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/23 16:50:21 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/11/23 16:50:21 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/23 16:50:21 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/23 16:50:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/23 16:50:21 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/23 16:50:20 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 16:50:20 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2011/11/23 16:50:20 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Player.lnk
[2011/11/23 16:50:20 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk
[2011/11/23 16:50:20 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2011/11/23 16:50:20 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Map Loader.lnk
[2011/11/23 16:50:20 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/11/23 16:50:20 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2011/11/23 16:50:20 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk
[2011/11/23 16:50:20 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk
[2011/11/23 16:50:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/23 16:50:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/23 16:50:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/23 16:50:20 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/11/23 16:50:20 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/11/23 16:50:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2011/11/23 16:50:20 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2011/11/23 16:50:20 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2011/11/23 16:50:20 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2011/11/23 16:50:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/23 16:50:20 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/23 16:50:20 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/23 16:50:20 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\D-Fend Reloaded.lnk
[2011/11/23 16:50:20 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JDownloader.lnk
[2011/11/23 16:50:20 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/23 16:50:20 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\IsoBuster.lnk
[2011/11/23 16:50:20 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WMRX.lnk
[2011/11/23 16:50:20 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mixcraft 4.lnk
[2011/11/23 16:50:20 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/23 16:50:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/23 16:50:19 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP640 series On-screen Manual.lnk
[2011/11/23 16:50:19 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/23 16:50:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/23 16:50:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/23 16:50:19 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP640 series User Registration.LNK
[2011/11/23 16:50:19 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/23 16:50:19 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/23 16:50:19 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/23 16:39:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/23 16:39:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/23 16:39:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/23 16:39:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/23 16:39:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/22 20:43:58 | 000,196,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/11/22 20:43:52 | 000,177,393 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/11/21 22:56:22 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5
[2011/11/14 23:13:03 | 682,202,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sn0wbreeze_iPhone 4-4.3.3.ipsw
[2011/11/14 16:33:58 | 000,612,323 | ---- | C] () -- C:\WINDOWS\System32\drivers\Copy (3) of HOSTS
[2011/11/02 18:11:11 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2011/11/02 18:09:31 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe BMP Format CS6 Prefs
[2011/11/02 15:02:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
[2011/06/16 09:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/05/29 15:30:45 | 000,001,324 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
[2011/05/29 15:30:45 | 000,001,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
[2010/12/26 12:57:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/16 00:15:42 | 001,477,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/31 17:03:30 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Application Data\winscp.rnd
[2010/08/27 07:58:32 | 000,290,968 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 08:16:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/08 08:16:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/05/09 10:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl15.dat.temp
[2010/05/06 16:27:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/05/06 12:54:50 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/06 12:54:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/06 12:54:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/06 12:54:50 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/05/06 12:54:50 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/06 12:54:50 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/06 12:54:50 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/06 12:54:50 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/06 12:54:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/06 12:54:50 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/06 12:54:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/06 12:54:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/06 12:54:50 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/06 12:54:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/06 12:54:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/06 12:54:50 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/06 12:54:50 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/06 12:54:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/06 12:54:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/04 20:53:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/11/11 11:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/10/20 21:45:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/07 12:06:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/30 15:16:50 | 000,102,144 | ---- | C] () -- C:\WINDOWS\hpgins15.dat.temp
[2009/08/30 15:16:50 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl15.dat
[2009/08/16 23:16:16 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/16 23:16:16 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/16 23:15:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/11 12:36:45 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/08/11 11:57:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\comodo firewallCIS_Setup_3.10.102363.531_XP_Vista_x32.INI
[2009/08/09 17:23:19 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/08/09 17:13:32 | 000,102,091 | ---- | C] () -- C:\WINDOWS\hpgins15.dat
[2009/08/03 16:05:47 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009/07/13 10:21:20 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/09 19:14:40 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2009/07/09 09:16:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/08 18:00:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/08 10:46:13 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/08 10:46:05 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 15:58:27 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/02/03 15:33:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/03 15:29:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/03 15:25:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/03 15:24:26 | 004,452,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 14:01:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 20:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/18 13:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,458,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,078,690 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/04/18 02:02:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

OTL Extras logfile created on: 23/11/2011 17:23:00 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.42% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 302.78 Gb Free Space | 65.01% Space Free | Partition Type: NTFS
Drive F: | 233.70 Gb Total Space | 63.43 Gb Free Space | 27.14% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 26.28 Gb Free Space | 8.82% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 69.78 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 381.25 Gb Free Space | 40.93% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 585.87 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 634.78 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: OWNER-D3B0183A0 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\\VLCPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [File && Folder Unlocker] -- C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.657\ffunlock.exe %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\\VLCPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"20201:TCP" = 20201:TCP:*:Enabled:BitComet 20201 TCP
"20201:UDP" = 20201:UDP:*:Enabled:BitComet 20201 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Fileshare\uTorrent\utorrent.exe" = C:\Program Files\Fileshare\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Fileshare\BitComet\BitComet.exe" = C:\Program Files\Fileshare\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Games\Unreal Tournament 3\Binaries\UT3.exe" = C:\Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam.exe -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\clones\Bin\ClonesGame.exe" = C:\Program Files\Steam\SteamApps\common\clones\Bin\ClonesGame.exe:*:Enabled:Clones -- ()
"C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:WinSCP -- (Martin Prikryl)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1" = OpenMPT 1.19
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAFAD936-3BF7-4BC6-92AA-68BEC2693571}" = Evil Under the Sun
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D586BF67-0A61-4572-BE25-07B40C4CEDA1}" = Adobe Photoshop CS6
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MP640 series User Registration" = Canon MP640 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"D-Fend Reloaded" = D-Fend Reloaded 0.9.2 (deinstall)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HyperCam 2" = HyperCam 2
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.6 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MVApplication1" = Memorex exPressit Label Design Studio
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenAL" = OpenAL
"RealAlt_is1" = Real Alternative 2.0.2
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 72400" = Clones
"SureThing CD Labeler LightScribe_is1" = SureThing CD Labeler LightScribe 5.0.581.0
"The Incredible Machine Series_is1" = The Incredible Machine Series
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.8
"WORD" = Microsoft Office Word 2007
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Lemmini" = Lemmini
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
RKinner

Posted 23 November 2011 - 12:10 PM

Malware Expert

Expert
24,625 posts

Uninstall:
McAfee SiteAdvisor

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
[2010/01/31 11:28:51 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Fileshare\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O34 - HKLM BootExecute: (autocheck autochk /r \??\P:)
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
[2011/11/21 22:56:37 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5
[2011/05/29 15:30:45 | 000,001,324 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
[2011/05/29 15:30:45 | 000,001,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2bu60wsojm2w8o1ftc4q28u1mj

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config AppMgmt start= disabled /c
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Any sign of your start menu items?

Ron

#5
wysiwyg2008

Posted 24 November 2011 - 12:40 PM

Member

Topic Starter
Member
43 posts

Hi, I tried to run the OTL fix but it kept hanging and eventually send not responding

Vino's Event Viewer v01c run on Windows XP in English
Report run at 24/11/2011 18:26:10

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2011 18:25:28
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:24:25
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:24:23
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:23:24
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:23:20
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:23:18
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:23:15
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk7\D, has a bad block.

Log: 'System' Date/Time: 24/11/2011 18:23:06
Type: error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume J:.

Log: 'System' Date/Time: 24/11/2011 18:23:06
Type: error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 24/11/2011 18:27:17

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 24/11/2011 18:27:57 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.40% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 303.10 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive F: | 233.70 Gb Total Space | 63.43 Gb Free Space | 27.14% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 21.38 Gb Free Space | 7.18% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 69.51 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 381.25 Gb Free Space | 40.93% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 585.87 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 634.78 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: OWNER-D3B0183A0 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 15:23:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/11/22 16:01:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/11 23:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/22 16:01:18 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/14 14:32:57 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 23:39:32 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/07 17:46:29 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/13 11:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 11:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 11:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2006/02/25 17:50:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Dvd Creation\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
MOD - [2006/02/25 17:50:16 | 000,023,552 | ---- | M] () -- C:\Program Files\Dvd Creation\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/11/06 20:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

========== Driver Services (SafeList) ==========

DRV - [2011/11/22 16:01:04 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/11/22 16:01:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/11/22 16:01:01 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/07 17:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 17:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 17:47:59 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/12/18 11:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/19 15:47:23 | 000,023,936 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2008/10/15 13:08:53 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/10/15 13:01:54 | 000,026,112 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MemStPCI.SYS -- (MemStPCI) Sony Memory Stick controller (PCI)
DRV - [2008/09/09 18:07:36 | 004,813,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/07 17:11:30 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 20:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/20 10:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/04/14 12:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 18:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 23:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 08:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/04/14 12:49:23 | 000,000,000 | ---D | M]

[2009/07/09 09:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/23 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions
[2011/10/02 11:01:25 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/25 08:42:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/22 22:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\Access Privileges Test
[2011/11/11 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DQZLCGD1.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2009/07/08 17:45:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/23 18:23:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/11 23:39:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 22:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 13:36:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 13:36:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 13:36:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/03 13:36:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/29 16:51:36 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/03 13:36:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/23 16:55:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Fileshare\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECA68C8-B1A8-4964-8563-166D5AB87BEB}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 15:30:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/02 15:01:36 | 008,794,999 | ---- | M] () - F:\AutoGordianKnot.2.27.Setup.exe -- [ FAT32 ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 18:25:31 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2011/11/23 18:22:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/23 17:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/23 16:39:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/23 16:39:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/23 16:39:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/23 16:39:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/23 16:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/23 16:39:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/23 16:38:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/23 15:23:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/23 13:28:07 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/11/23 13:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 13:14:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/23 13:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 23:02:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2011/11/17 13:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/02 18:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Adobe Mini Bridge CS6
[2011/11/02 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/02 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Adobe
[2011/11/02 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/01 13:57:53 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2010/06/08 08:16:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/24 18:32:17 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/11/24 18:25:37 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2011/11/24 18:23:34 | 000,194,297 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/24 18:23:26 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 18:22:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 18:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/23 19:34:00 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/11/23 17:37:48 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/23 17:08:46 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/11/23 16:55:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/23 15:23:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/22 20:43:58 | 000,196,896 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/11/22 20:43:52 | 000,177,393 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/11/22 02:03:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
[2011/11/21 22:56:37 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5
[2011/11/20 11:22:15 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/17 13:07:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 15:35:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 23:29:18 | 000,612,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella.bak
[2011/11/14 23:14:55 | 682,202,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\sn0wbreeze_iPhone 4-4.3.3.ipsw
[2011/11/14 14:32:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/09 23:59:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/04 11:38:06 | 004,452,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/02 18:11:11 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2011/11/02 18:09:31 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe BMP Format CS6 Prefs
[2011/11/02 13:12:36 | 000,612,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Copy (3) of HOSTS
[2011/11/01 13:47:47 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[2011/10/30 09:01:46 | 000,458,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 09:01:46 | 000,078,690 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/23 17:08:42 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/11/23 16:50:21 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011/11/23 16:50:21 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/23 16:50:21 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/11/23 16:50:21 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/23 16:50:21 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/23 16:50:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/23 16:50:21 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/23 16:50:20 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 16:50:20 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2011/11/23 16:50:20 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Player.lnk
[2011/11/23 16:50:20 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk
[2011/11/23 16:50:20 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2011/11/23 16:50:20 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Map Loader.lnk
[2011/11/23 16:50:20 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/11/23 16:50:20 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2011/11/23 16:50:20 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk
[2011/11/23 16:50:20 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk
[2011/11/23 16:50:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/23 16:50:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/23 16:50:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/23 16:50:20 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/11/23 16:50:20 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/11/23 16:50:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2011/11/23 16:50:20 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2011/11/23 16:50:20 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2011/11/23 16:50:20 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2011/11/23 16:50:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/23 16:50:20 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/23 16:50:20 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/23 16:50:20 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\D-Fend Reloaded.lnk
[2011/11/23 16:50:20 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JDownloader.lnk
[2011/11/23 16:50:20 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/23 16:50:20 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\IsoBuster.lnk
[2011/11/23 16:50:20 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WMRX.lnk
[2011/11/23 16:50:20 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mixcraft 4.lnk
[2011/11/23 16:50:20 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/23 16:50:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/23 16:50:19 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP640 series On-screen Manual.lnk
[2011/11/23 16:50:19 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/23 16:50:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/23 16:50:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/23 16:50:19 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP640 series User Registration.LNK
[2011/11/23 16:50:19 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/23 16:50:19 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/23 16:50:19 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/23 16:39:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/23 16:39:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/23 16:39:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/23 16:39:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/23 16:39:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/22 20:43:58 | 000,196,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/11/22 20:43:52 | 000,177,393 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/11/21 22:56:22 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5
[2011/11/14 23:13:03 | 682,202,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sn0wbreeze_iPhone 4-4.3.3.ipsw
[2011/11/14 16:33:58 | 000,612,323 | ---- | C] () -- C:\WINDOWS\System32\drivers\Copy (3) of HOSTS
[2011/11/02 18:11:11 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2011/11/02 18:09:31 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe BMP Format CS6 Prefs
[2011/11/02 15:02:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
[2011/06/16 09:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/05/29 15:30:45 | 000,001,324 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
[2011/05/29 15:30:45 | 000,001,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
[2010/12/26 12:57:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/16 00:15:42 | 001,477,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/31 17:03:30 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Application Data\winscp.rnd
[2010/08/27 07:58:32 | 000,290,968 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 08:16:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/08 08:16:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/05/09 10:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl15.dat.temp
[2010/05/06 16:27:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/05/06 12:54:50 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/06 12:54:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/06 12:54:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/06 12:54:50 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/05/06 12:54:50 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/06 12:54:50 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/06 12:54:50 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/06 12:54:50 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/06 12:54:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/06 12:54:50 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/06 12:54:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/06 12:54:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/06 12:54:50 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/06 12:54:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/06 12:54:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/06 12:54:50 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/06 12:54:50 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/06 12:54:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/06 12:54:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/04 20:53:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/11/11 11:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/10/20 21:45:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/07 12:06:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/30 15:16:50 | 000,102,144 | ---- | C] () -- C:\WINDOWS\hpgins15.dat.temp
[2009/08/30 15:16:50 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl15.dat
[2009/08/16 23:16:16 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/16 23:16:16 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/16 23:15:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/11 12:36:45 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/08/11 11:57:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\comodo firewallCIS_Setup_3.10.102363.531_XP_Vista_x32.INI
[2009/08/09 17:23:19 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/08/09 17:13:32 | 000,102,091 | ---- | C] () -- C:\WINDOWS\hpgins15.dat
[2009/08/03 16:05:47 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009/07/13 10:21:20 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/09 19:14:40 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2009/07/09 09:16:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/08 18:00:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/08 10:46:13 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/08 10:46:05 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 15:58:27 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/02/03 15:33:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/03 15:29:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/03 15:25:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/03 15:24:26 | 004,452,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 14:01:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 20:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/18 13:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,458,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,078,690 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/04/18 02:02:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >

OTL Extras logfile created on: 24/11/2011 18:27:57 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.40% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 303.10 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive F: | 233.70 Gb Total Space | 63.43 Gb Free Space | 27.14% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 21.38 Gb Free Space | 7.18% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 69.51 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 381.25 Gb Free Space | 40.93% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 585.87 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 634.78 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: OWNER-D3B0183A0 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\\VLCPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [File && Folder Unlocker] -- C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.657\ffunlock.exe %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\\VLCPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"20201:TCP" = 20201:TCP:*:Enabled:BitComet 20201 TCP
"20201:UDP" = 20201:UDP:*:Enabled:BitComet 20201 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Fileshare\uTorrent\utorrent.exe" = C:\Program Files\Fileshare\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Fileshare\BitComet\BitComet.exe" = C:\Program Files\Fileshare\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Games\Unreal Tournament 3\Binaries\UT3.exe" = C:\Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam.exe -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\clones\Bin\ClonesGame.exe" = C:\Program Files\Steam\SteamApps\common\clones\Bin\ClonesGame.exe:*:Enabled:Clones -- ()
"C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:WinSCP -- (Martin Prikryl)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1" = OpenMPT 1.19
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAFAD936-3BF7-4BC6-92AA-68BEC2693571}" = Evil Under the Sun
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D586BF67-0A61-4572-BE25-07B40C4CEDA1}" = Adobe Photoshop CS6
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MP640 series User Registration" = Canon MP640 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"D-Fend Reloaded" = D-Fend Reloaded 0.9.2 (deinstall)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HyperCam 2" = HyperCam 2
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.6 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MVApplication1" = Memorex exPressit Label Design Studio
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenAL" = OpenAL
"RealAlt_is1" = Real Alternative 2.0.2
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 72400" = Clones
"SureThing CD Labeler LightScribe_is1" = SureThing CD Labeler LightScribe 5.0.581.0
"The Incredible Machine Series_is1" = The Incredible Machine Series
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.8
"WORD" = Microsoft Office Word 2007
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Lemmini" = Lemmini
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 24/11/2011 14:25:28 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:26:30 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:27:33 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:28:35 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:29:38 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:30:40 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:31:43 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:32:46 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

Error - 24/11/2011 14:33:15 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 24/11/2011 14:33:49 | Computer Name = OWNER-D3B0183A0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk7\D, has a bad block.

< End of report >

My start menu and desktop files all reappeared after running combofix.

#6
RKinner

Posted 24 November 2011 - 01:36 PM

Malware Expert

Expert
24,625 posts

Let's see if Avenger will get it.

Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\Documents and Settings\User\Local Settings\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
C:\Documents and Settings\All Users\Application Data\2bu60wsojm2w8o1ftc4q28u1mj
C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5

******************************************************
* In the avenger window, click the Paste Script from Clipboard icon, Image button.
* :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.

* After your PC has completed the necessary reboot, a log should automatically open. If it does not automatically open, then the log can be found at C:\avenger.txt. I would like to see the log in your next post.

You have two drives that are a bit messed up:

Log: 'System' Date/Time: 24/11/2011 18:23:06
Type: error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume J:.

Log: 'System' Date/Time: 24/11/2011 18:23:06
Type: error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.

1. Double-click My Computer, and then right-click the hard disk that you want to check. J: (and then do I: since this isn't the C: drive it may do it without the reboot but I doubt it)
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, reboot.

Once you have done both drives:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Run Vino's Event Viewer again and post the logs.

Run OTL again, Quickscan and post the log.

#7
wysiwyg2008

Posted 27 November 2011 - 03:18 AM

Member

Topic Starter
Member
43 posts

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\User\Local Settings\Application Data\2bu60wsojm2w8o1ftc4q28u1mj" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\2bu60wsojm2w8o1ftc4q28u1mj" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\7BO9PmNFlG7SY5" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I have run chkdsk on the 2 drives.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/11/2011 09:08:21

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/11/2011 09:09:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 27/11/2011 09:09:52 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 65.91% Memory free
3.85 Gb Paging File | 3.26 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 302.58 Gb Free Space | 64.97% Space Free | Partition Type: NTFS
Drive F: | 233.70 Gb Total Space | 63.43 Gb Free Space | 27.14% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 4.71 Gb Free Space | 1.58% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 55.62 Gb Free Space | 5.97% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 381.25 Gb Free Space | 40.93% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 585.87 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 634.78 Gb Free Space | 34.07% Space Free | Partition Type: NTFS

Computer Name: OWNER-D3B0183A0 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 09:28:56 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/25 09:28:55 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/23 15:23:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/11/11 23:39:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/25 09:32:29 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/14 14:32:57 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 23:39:32 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/07 17:46:29 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/13 11:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2006/02/25 17:50:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Dvd Creation\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
MOD - [2006/02/25 17:50:16 | 000,023,552 | ---- | M] () -- C:\Program Files\Dvd Creation\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/25 09:28:56 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/11/06 20:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

========== Driver Services (SafeList) ==========

DRV - [2011/11/25 09:28:52 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/11/25 09:28:52 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/11/22 16:01:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/10/07 17:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 17:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/10/07 17:47:59 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/12/18 11:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/19 15:47:23 | 000,023,936 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetthjm.sys -- (FNETTHJM)
DRV - [2008/10/15 13:08:53 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/10/15 13:01:54 | 000,026,112 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MemStPCI.SYS -- (MemStPCI) Sony Memory Stick controller (PCI)
DRV - [2008/09/09 18:07:36 | 004,813,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/07 17:11:30 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 20:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/20 10:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/04/14 12:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 18:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 23:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 08:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/04/14 12:49:23 | 000,000,000 | ---D | M]

[2009/07/09 09:16:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/23 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions
[2011/10/02 11:01:25 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/25 08:42:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/22 22:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dqzlcgd1.default\extensions\Access Privileges Test
[2011/11/11 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DQZLCGD1.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2009/07/08 17:45:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/23 18:23:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/11 23:39:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 22:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 13:36:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/03 13:36:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 13:36:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/03 13:36:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/29 16:51:36 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/03 13:36:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/23 16:55:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Fileshare\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Fileshare\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECA68C8-B1A8-4964-8563-166D5AB87BEB}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 15:30:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/02 15:01:36 | 008,794,999 | ---- | M] () - F:\AutoGordianKnot.2.27.Setup.exe -- [ FAT32 ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 12:21:55 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/11/24 18:25:31 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2011/11/23 18:22:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/23 17:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/23 16:39:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/23 16:39:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/23 16:39:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/23 16:39:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/23 16:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/23 16:39:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/23 16:38:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/23 15:23:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/23 13:28:07 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/11/23 13:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 13:14:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/23 13:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 23:02:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2011/11/17 13:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/02 18:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Adobe Mini Bridge CS6
[2011/11/02 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/02 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Adobe
[2011/11/02 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/01 13:57:53 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2010/06/08 08:16:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/27 09:15:14 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/11/27 09:06:08 | 000,194,297 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/27 09:06:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/27 09:05:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/27 03:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/27 02:00:32 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
[2011/11/26 21:26:55 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/24 18:25:37 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2011/11/23 19:34:00 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/11/23 17:08:46 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/11/23 16:55:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/23 15:23:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/11/22 20:43:58 | 000,196,896 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/11/22 20:43:52 | 000,177,393 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/11/20 11:22:15 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/17 13:07:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 15:35:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 23:29:18 | 000,612,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella.bak
[2011/11/14 23:14:55 | 682,202,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\sn0wbreeze_iPhone 4-4.3.3.ipsw
[2011/11/09 23:59:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/04 11:38:06 | 004,452,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/02 18:11:11 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2011/11/02 18:09:31 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe BMP Format CS6 Prefs
[2011/11/02 13:12:36 | 000,612,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Copy (3) of HOSTS
[2011/11/01 13:47:47 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[2011/10/30 09:01:46 | 000,458,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 09:01:46 | 000,078,690 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/25 12:19:08 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avenger.exe
[2011/11/23 17:08:42 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\User\Desktop\unhide.exe
[2011/11/23 16:50:21 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011/11/23 16:50:21 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/23 16:50:21 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/11/23 16:50:21 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/23 16:50:21 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/23 16:50:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/23 16:50:21 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/23 16:50:20 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 16:50:20 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2011/11/23 16:50:20 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Player.lnk
[2011/11/23 16:50:20 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk
[2011/11/23 16:50:20 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2011/11/23 16:50:20 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Map Loader.lnk
[2011/11/23 16:50:20 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/11/23 16:50:20 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2011/11/23 16:50:20 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD.lnk
[2011/11/23 16:50:20 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mega Manager.lnk
[2011/11/23 16:50:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/23 16:50:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/23 16:50:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/23 16:50:20 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/11/23 16:50:20 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/11/23 16:50:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2011/11/23 16:50:20 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2011/11/23 16:50:20 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2011/11/23 16:50:20 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2011/11/23 16:50:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/23 16:50:20 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/23 16:50:20 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/23 16:50:20 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\D-Fend Reloaded.lnk
[2011/11/23 16:50:20 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JDownloader.lnk
[2011/11/23 16:50:20 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/23 16:50:20 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\IsoBuster.lnk
[2011/11/23 16:50:20 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WMRX.lnk
[2011/11/23 16:50:20 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mixcraft 4.lnk
[2011/11/23 16:50:20 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/23 16:50:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/23 16:50:19 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP640 series On-screen Manual.lnk
[2011/11/23 16:50:19 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/23 16:50:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/23 16:50:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/23 16:50:19 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP640 series User Registration.LNK
[2011/11/23 16:50:19 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/23 16:50:19 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/11/23 16:50:19 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/23 16:39:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/23 16:39:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/23 16:39:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/23 16:39:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/23 16:39:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/22 20:43:58 | 000,196,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/11/22 20:43:52 | 000,177,393 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/11/14 23:13:03 | 682,202,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\sn0wbreeze_iPhone 4-4.3.3.ipsw
[2011/11/14 16:33:58 | 000,612,323 | ---- | C] () -- C:\WINDOWS\System32\drivers\Copy (3) of HOSTS
[2011/11/02 18:11:11 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2011/11/02 18:09:31 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe BMP Format CS6 Prefs
[2011/11/02 15:02:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-OWNER-D3B0183A0-User.job
[2011/06/16 09:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2010/12/26 12:57:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/16 00:15:42 | 001,477,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/31 17:03:30 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Application Data\winscp.rnd
[2010/08/27 07:58:32 | 000,290,968 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/08 08:16:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/08 08:16:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/05/09 10:08:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl15.dat.temp
[2010/05/06 16:27:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/05/06 12:54:50 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/06 12:54:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/06 12:54:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/06 12:54:50 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/05/06 12:54:50 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/06 12:54:50 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/06 12:54:50 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/06 12:54:50 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/06 12:54:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/06 12:54:50 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/06 12:54:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/06 12:54:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/06 12:54:50 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/06 12:54:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/06 12:54:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/06 12:54:50 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/06 12:54:50 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/06 12:54:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/06 12:54:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/04 20:53:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/11/11 11:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/10/20 21:45:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/07 12:06:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/30 15:16:50 | 000,102,144 | ---- | C] () -- C:\WINDOWS\hpgins15.dat.temp
[2009/08/30 15:16:50 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl15.dat
[2009/08/16 23:16:16 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/16 23:16:16 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/16 23:15:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/11 12:36:45 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/08/11 11:57:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\comodo firewallCIS_Setup_3.10.102363.531_XP_Vista_x32.INI
[2009/08/09 17:23:19 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/08/09 17:13:32 | 000,102,091 | ---- | C] () -- C:\WINDOWS\hpgins15.dat
[2009/08/03 16:05:47 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2009/07/13 10:21:20 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/09 19:14:40 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2009/07/09 09:16:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/08 18:00:18 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/08 10:46:13 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/08 10:46:05 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 15:58:27 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/02/03 15:33:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/03 15:29:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/03 15:25:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/03 15:24:26 | 004,452,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 14:01:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 20:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/18 13:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,458,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,078,690 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/04/18 02:02:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/11/27 21:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\360WavesPatcher
[2009/09/23 19:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2011/03/19 00:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2010/07/02 17:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/02 19:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/06 17:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/01/22 17:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/02 16:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/08/05 10:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/12/03 10:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/09/10 16:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/04/14 12:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009/08/14 19:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/11/02 15:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/11/24 21:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/09/03 20:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/05/06 13:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/04/01 17:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/01 22:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\abgx360
[2009/08/02 19:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Acoustica
[2009/07/13 18:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Atari
[2011/06/29 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2009/09/02 16:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bitmeter2
[2010/07/06 17:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2010/08/04 11:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2010/07/08 16:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CD-LabelPrint
[2010/11/21 12:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Clones
[2009/08/04 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/01/28 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDFab
[2010/07/02 16:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Epson
[2010/12/26 12:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMA
[2011/10/02 11:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Garmin
[2009/07/19 09:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ImgBurn
[2009/08/28 18:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Internode
[2009/08/30 11:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\JAM Software
[2009/12/19 21:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Megaupload
[2011/03/30 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MoveFab
[2010/01/25 23:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2011/08/24 14:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenMPT
[2010/01/15 18:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2009/08/04 11:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2009/08/03 16:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 Uprising
[2011/11/02 18:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/07/08 14:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\System Tweaker
[2009/07/09 21:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2010/12/28 10:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
[2010/04/14 14:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinAVI
[2011/11/01 13:47:47 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job

========== Purity Check ==========

< End of report >

#8
RKinner

Posted 27 November 2011 - 08:59 AM

Malware Expert

Expert
24,625 posts

Avenger was able to remove the malware. Your logs look clean. Any problems left?

Ron

#9
wysiwyg2008

Posted 29 November 2011 - 09:49 AM

Member

Topic Starter
Member
43 posts

I haven't noticed any other problems since running the malware removal programmes

Thank you

Kieran

#10
RKinner

Posted 29 November 2011 - 10:04 AM

Malware Expert

Expert
24,625 posts

I think we can clean up now.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron