Viruses and Hijackthis log


#1
Zurby

    New Member

  • Member
  • 5 posts
Hello! I am new here! I found this forum in the HijackThis forums list. I noticed that calc.exe starts up every time I open my PC. I also noticed a lot of strange-looking processes like name.exe, calc.exe, cmd.exe, project1 2 3 4.exe running at startup. They are causing my PC to slow down and I have to manually shut them down every time.
I have a HijackThis log. Hope I'm posting this in the right section.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:40:28, on 13.06.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (file missing)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeART] C:\Documents and Settings\Paul\Application Data\AdobeART.exe
O4 - HKLM\..\Run: [AdobeARP] C:\Documents and Settings\Paul\Application Data\AdobeARP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a] C:\Documents and Settings\Paul\Desktop\cmd.exe
O4 - HKCU\..\Run: [b] C:\Documents and Settings\Paul\Start Menu\Programs\cmd.exe
O4 - HKCU\..\Run: [c] C:\Documents and Settings\Paul\My Documents\cmd.exe
O4 - HKCU\..\Run: [d] C:\Documents and Settings\Paul\Favorites\cmd.exe
O4 - HKCU\..\Run: [e] C:\Documents and Settings\Paul\Start Menu\cmd.exe
O4 - HKCU\..\Run: [Startup Key] C:\Documents and Settings\Paul\Local Settings\Temp\Name.exe
O4 - HKLM\..\Policies\Explorer\Run: [33377] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mspvycbrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: cmd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.syste...yri_4.5.1.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 8582 bytes
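Added example, not part of the thread and not code from HijackThis: a small Python triage of the O4 (autostart) lines in a log like the one above, applying the checks a helper applies by eye. The sample lines are copied from the log in this post; the heuristics and the SYSTEM_BINARIES list are this example's own choices.

```python
"""Triage HijackThis O4 autostart lines for the patterns a helper looks for.

Heuristics (this example's own, not HijackThis logic):
  * autoruns launched from a user-writable profile or Temp directory
  * copies of Windows binaries (cmd.exe, calc.exe ...) outside %SystemRoot%
  * the Policies\\Explorer\\Run key, which legitimate installers rarely touch
  * meaningless value names such as [a] or [33377]
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Registry autostart line:  O4 - HKCU\..\Run: [a] C:\path\cmd.exe
O4_REG_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder line:      O4 - Startup: cmd.exe   or   O4 - Global Startup: x.lnk = C:\...\x.exe
O4_DIR_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<cmd>.+)$")

# Windows binaries that should only ever be launched from %SystemRoot%.
SYSTEM_BINARIES = {"cmd.exe", "calc.exe", "svchost.exe", "explorer.exe",
                   "ctfmon.exe", "lsass.exe", "winlogon.exe"}
EXE_EXT = r"\.(?:exe|dll|com|scr|bat|pif)"


@dataclass
class AutostartEntry:
    key: str                 # registry key, or "Startup" / "Global Startup"
    name: str                # value name; "" for startup-folder items
    path: str                # executable path pulled out of the command line
    reasons: List[str] = field(default_factory=list)


def first_path(cmd: str) -> str:
    """Return the program path from a Run command line, dropping its arguments."""
    cmd = cmd.strip()
    if " = " in cmd:                       # "x.lnk = C:\target.exe" (startup folder)
        cmd = cmd.split(" = ", 1)[1]
    if cmd.startswith('"'):                # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?" + EXE_EXT + r")(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one HijackThis O4 line; returns None for every other line type."""
    m = O4_REG_RE.match(line)
    if m:
        return AutostartEntry(m["key"], m["name"], first_path(m["cmd"]))
    m = O4_DIR_RE.match(line)
    if m:
        return AutostartEntry(m["key"], "", first_path(m["cmd"]))
    return None


def assess(entry: AutostartEntry) -> AutostartEntry:
    """Attach a reason for every heuristic the entry trips."""
    low = entry.path.lower()
    base = low.rsplit("\\", 1)[-1]
    in_startup_folder = entry.key.endswith("Startup")
    if "policies\\explorer\\run" in entry.key.lower():
        entry.reasons.append("Policies\\Explorer\\Run key is rarely used by legitimate software")
    if "\\temp\\" in low:
        entry.reasons.append("runs from a Temp directory")
    if "documents and settings\\" in low or "\\docume~1\\" in low:
        entry.reasons.append("runs from a user-writable profile directory")
    # A bare name like RunDLL32.exe resolves via PATH and is normal; an explicit
    # directory (or a startup folder) that is not under \Windows\ is not.
    if base in SYSTEM_BINARIES and (in_startup_folder or
                                    ("\\" in low and "\\windows\\" not in low)):
        entry.reasons.append("Windows binary name outside %SystemRoot%")
    if entry.name and re.fullmatch(r"[a-z]|\d+", entry.name, re.IGNORECASE):
        entry.reasons.append("meaningless value name")
    return entry


def triage(log_lines) -> List[AutostartEntry]:
    """Return the O4 entries that trip at least one heuristic, in log order."""
    flagged = []
    for line in log_lines:
        entry = parse_o4(line.rstrip("\n"))
        if entry and assess(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample input: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r"O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login",
    r"O4 - HKLM\..\Run: [AdobeART] C:\Documents and Settings\Paul\Application Data\AdobeART.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [a] C:\Documents and Settings\Paul\Desktop\cmd.exe",
    r"O4 - HKCU\..\Run: [Startup Key] C:\Documents and Settings\Paul\Local Settings\Temp\Name.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [33377] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mspvycbrr.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O4 - Startup: cmd.exe",
    r"O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"{e.key} [{e.name}] {e.path}")
        for r in e.reasons:
            print("    -", r)
```

Of the eleven sample lines, the five that a helper would ask about (AdobeART, [a], [Startup Key], [33377] and the bare cmd.exe in the Startup folder) are the five the triage returns; the HP, ESET, NVIDIA and ctfmon entries pass clean.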

#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Zurby and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste the log into your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.



#3
Zurby

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thank you very much for your help!!! I'm experiencing more symptoms now. I will expand if required.

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Zurby,

Geeks To Go no longer works with HijackThis logs. I need you to download some tools so we can continue, OK?

# Step 1 #
Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the software listed below:
  • uTorrent Toolbar
# Step 2 #
Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box, paste this in:
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


# Step 3 #

Download aswMBR.exe (4.8 MB) to your desktop.

Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


#5
Zurby

    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL logfile created on: 14.06.2012 23:19:03 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,64% Memory free
3,85 Gb Paging File | 3,46 Gb Available in Paging File | 89,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 10,84 Gb Free Space | 44,39% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 8,83 Gb Free Space | 7,09% Space Free | Partition Type: NTFS

Computer Name: PAULZURBAU | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 23:17:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012.06.12 23:38:02 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2007.02.19 00:37:47 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.11 00:45:48 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.08 07:50:00 | 001,564,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2004.08.04 02:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004.08.04 02:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.10.08 07:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2005.10.06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akbni8kg)
DRV - [2012.03.14 08:40:04 | 000,104,160 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2012.03.14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.01.20 23:43:39 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.02.12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008.08.06 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007.12.20 02:53:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007.10.25 19:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.04.10 20:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.01.05 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.06.13 22:39:45 | 000,000,000 | ---D | M]

[2012.06.13 17:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\extensions
[2012.06.13 17:14:18 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

O1 HOSTS File: ([2001.08.23 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-73586283-1214440339-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AdobeARP] C:\Documents and Settings\Paul\Application Data\AdobeARP.exe (blU)
O4 - HKLM..\Run: [AdobeART] C:\Documents and Settings\Paul\Application Data\AdobeART.exe (gambe grane)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [a] C:\Documents and Settings\Paul\Desktop\cmd.exe File not found
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [b] C:\Documents and Settings\Paul\Start Menu\Programs\cmd.exe (bathless overgeneralizing)
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [c] C:\Documents and Settings\Paul\My Documents\cmd.exe (bathless overgeneralizing)
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [d] C:\Documents and Settings\Paul\Favorites\cmd.exe (bathless overgeneralizing)
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [e] C:\Documents and Settings\Paul\Start Menu\cmd.exe (bathless overgeneralizing)
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [Startup Key] C:\Documents and Settings\Paul\Local Settings\Temp\Name.exe (blU)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\cmd.exe (bathless overgeneralizing)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 33377 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mspvycbrr.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5CE37D8-7255-4CE9-8F5C-539832F9713C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.10 21:27:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 23:17:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2012.06.13 23:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.06.13 23:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\HiJackThis
[2012.06.13 22:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012.06.13 22:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012.06.13 22:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.13 22:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012.06.13 22:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\QuickScan
[2012.06.13 17:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Google
[2012.06.13 17:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\CRE
[2012.06.13 17:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Mozilla
[2012.06.13 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.06.13 17:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit
[2012.06.12 21:40:11 | 000,072,704 | ---- | C] (blU) -- C:\Documents and Settings\Paul\Application Data\AdobeARP.exe
[2012.06.12 20:48:12 | 000,077,824 | ---- | C] (gambe grane) -- C:\Documents and Settings\Paul\Application Data\AdobeART.exe
[2012.06.12 20:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BabylonToolbar
[2012.06.12 19:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[2012.06.12 19:31:18 | 000,061,440 | R--- | C] (bathless overgeneralizing) -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\cmd.exe
[2012.06.12 19:31:18 | 000,061,440 | -H-- | C] (bathless overgeneralizing) -- C:\Documents and Settings\Paul\Start Menu\Programs\cmd.exe
[2012.06.12 19:31:18 | 000,061,440 | -H-- | C] (bathless overgeneralizing) -- C:\Documents and Settings\Paul\My Documents\cmd.exe
[2012.06.12 19:31:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012.06.08 20:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012.06.08 20:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Ahead
[2012.06.08 20:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2012.06.08 20:13:41 | 000,089,184 | ---- | C] (Ahead Software AG and its licensors) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2012.06.08 20:13:41 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\ImageDrive.cpl
[2012.06.08 20:13:32 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2012.06.08 20:13:32 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2012.06.08 20:13:32 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2012.06.08 20:13:32 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2012.06.08 20:13:31 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2012.06.08 20:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2012.06.08 20:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2012.06.08 19:56:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012.06.02 14:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\My Documents\My Videos
[2012.06.01 00:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\screamer
[2012.05.19 22:47:23 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2012.05.19 22:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Warcraft III
[2012.05.19 22:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\GarenaPlus
[2012.05.19 22:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garena
[2012.05.19 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Plus
[2012.05.19 22:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GarenaMessenger
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.14 23:22:28 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 23:17:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2012.06.14 23:12:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.13 23:31:51 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.lnk
[2012.06.13 22:38:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.13 17:14:12 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012.06.13 17:14:12 | 000,000,418 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012.06.13 17:13:53 | 001,020,816 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Paul\Desktop\utorrent.exe
[2012.06.13 14:17:37 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\room_v3.dat
[2012.06.13 12:50:48 | 000,506,150 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\9757.exe
[2012.06.12 23:01:36 | 000,499,492 | -HS- | M] () -- C:\Documents and Settings\Paul\Application Data\0059a893.exe
[2012.06.12 22:53:27 | 000,506,148 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\1417.exe
[2012.06.12 22:51:10 | 000,499,492 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\7406.exe
[2012.06.12 21:40:06 | 000,072,704 | ---- | M] (blU) -- C:\Documents and Settings\Paul\Application Data\AdobeARP.exe
[2012.06.12 20:48:08 | 000,077,824 | ---- | M] (gambe grane) -- C:\Documents and Settings\Paul\Application Data\AdobeART.exe
[2012.06.12 19:34:11 | 000,506,148 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\8000.exe
[2012.06.12 19:31:18 | 000,061,440 | R--- | M] (bathless overgeneralizing) -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup\cmd.exe
[2012.06.12 19:31:18 | 000,061,440 | -H-- | M] (bathless overgeneralizing) -- C:\Documents and Settings\Paul\My Documents\cmd.exe
[2012.06.10 14:18:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.08 20:30:05 | 000,726,832 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\AA_v3.exe
[2012.06.02 12:40:56 | 000,001,431 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ISO1.nri
[2012.05.27 19:00:35 | 000,921,632 | ---- | M] () -- C:\PA207.DAT
[2012.05.27 17:51:52 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.19 22:54:56 | 000,071,464 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2012.05.19 22:54:11 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2012.05.19 22:54:11 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2012.05.19 22:23:21 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garena Plus.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.13 23:31:51 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HiJackThis.lnk
[2012.06.13 17:14:12 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012.06.13 17:14:12 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012.06.13 12:50:52 | 000,506,150 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\9757.exe
[2012.06.12 23:01:38 | 000,499,492 | -HS- | C] () -- C:\Documents and Settings\Paul\Application Data\0059a893.exe
[2012.06.12 22:53:30 | 000,506,148 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\1417.exe
[2012.06.12 22:51:13 | 000,499,492 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\7406.exe
[2012.06.12 19:34:14 | 000,506,148 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\8000.exe
[2012.06.12 19:34:14 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Paul\Start Menu\Programs\Startup.lnk
[2012.06.08 20:29:54 | 000,726,832 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\AA_v3.exe
[2012.06.02 12:37:25 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ISO1.nri
[2012.05.19 23:50:33 | 000,045,194 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\room_v3.dat
[2012.05.19 22:47:24 | 000,071,464 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2012.05.19 22:47:23 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2012.05.19 22:23:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garena Plus.lnk
[2012.02.12 15:46:47 | 000,164,810 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2012.02.12 15:46:47 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2012.02.08 15:35:43 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.01.11 17:58:49 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.11 13:24:12 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2012.01.11 13:24:11 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2012.01.10 23:17:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.10 23:14:11 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.10 22:49:38 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.10 22:49:38 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.10 22:49:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.01.10 22:49:27 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.01.10 22:46:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.10 22:46:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.01.10 22:32:45 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.01.10 21:30:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.10 21:24:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG HD161HJ
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 24,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 125,00GB
Starting Offset: 26213967360
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2012.03.20 19:47:52 | 000,272,960 | ---- | M] () -- C:\'oupotuc .JPG
[2012.03.20 19:55:05 | 000,279,801 | ---- | M] () -- C:\-gg.JPG
[2012.03.20 20:00:53 | 000,228,313 | ---- | M] () -- C:\233455.JPG
[2012.03.20 20:01:08 | 000,236,130 | ---- | M] () -- C:\4764879.JPG
[2012.03.20 19:54:40 | 000,327,668 | ---- | M] () -- C:\;opfc.JPG
[2012.03.20 19:51:24 | 000,278,007 | ---- | M] () -- C:\;uyi.JPG
[2012.01.10 21:27:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012.01.10 21:21:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.01.10 21:27:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012.03.20 19:52:51 | 000,270,789 | ---- | M] () -- C:\ewqrr.JPG
[2012.03.20 19:57:26 | 000,238,115 | ---- | M] () -- C:\F.JPG
[2012.03.20 19:53:44 | 000,233,915 | ---- | M] () -- C:\fiyui.JPG
[2012.03.20 19:53:32 | 000,229,338 | ---- | M] () -- C:\fj8.JPG
[2012.03.20 19:56:02 | 000,265,322 | ---- | M] () -- C:\FXCHHU.JPG
[2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012.03.20 19:51:38 | 000,283,502 | ---- | M] () -- C:\hher.JPG
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012.01.10 21:27:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.03.20 19:49:12 | 000,287,301 | ---- | M] () -- C:\iougy.JPG
[2012.03.20 19:53:18 | 000,229,338 | ---- | M] () -- C:\jdfuu.JPG
[2012.03.20 19:48:37 | 000,275,342 | ---- | M] () -- C:\jhugi.JPG
[2012.03.20 19:55:47 | 000,244,871 | ---- | M] () -- C:\KLI.JPG
[2012.03.20 20:01:18 | 000,232,799 | ---- | M] () -- C:\LKGHL.JPG
[2012.03.20 19:57:49 | 000,276,063 | ---- | M] () -- C:\MALL DUBAI.JPG
[2012.03.20 19:54:15 | 000,330,117 | ---- | M] () -- C:\mdyt8.JPG
[2012.03.20 19:52:30 | 000,311,497 | ---- | M] () -- C:\mgic .JPG
[2012.01.10 21:27:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.03.20 19:54:52 | 000,203,792 | ---- | M] () -- C:\nmcif7.JPG
[2012.03.20 19:48:24 | 000,242,729 | ---- | M] () -- C:\nmfrew.JPG
[2004.08.04 00:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004.08.04 00:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012.03.20 19:54:00 | 000,260,953 | ---- | M] () -- C:\nyi.JPG
[2012.03.20 19:50:37 | 000,265,856 | ---- | M] () -- C:\o;pi.JPG
[2012.03.20 19:48:49 | 000,287,301 | ---- | M] () -- C:\opxc.JPG
[2012.03.20 19:58:26 | 000,305,320 | ---- | M] () -- C:\OUS.JPG
[2012.03.20 19:59:01 | 000,280,977 | ---- | M] () -- C:\OV.JPG
[2012.03.20 19:53:07 | 000,198,127 | ---- | M] () -- C:\oydi.JPG
[2012.05.27 19:00:35 | 000,921,632 | ---- | M] () -- C:\PA207.DAT
[2012.06.14 23:12:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012.03.20 19:47:33 | 000,248,839 | ---- | M] () -- C:\pfd.JPG
[2012.03.20 19:56:56 | 000,201,479 | ---- | M] () -- C:\POP.JPG
[2012.03.20 20:00:13 | 000,238,527 | ---- | M] () -- C:\Q1.JPG
[2012.03.20 20:00:29 | 000,237,868 | ---- | M] () -- C:\Q2.JPG
[2012.03.20 19:59:57 | 000,301,652 | ---- | M] () -- C:\QUATAR AVION.JPG
[2012.03.20 19:59:24 | 000,216,850 | ---- | M] () -- C:\QUATAR.JPG
[2012.03.20 19:50:59 | 000,263,497 | ---- | M] () -- C:\saw.JPG
[2012.03.20 19:48:06 | 000,223,568 | ---- | M] () -- C:\sdhyup.JPG
[2012.03.20 19:58:48 | 000,239,931 | ---- | M] () -- C:\TYIS.JPG
[2012.05.11 19:24:21 | 000,001,711 | ---- | M] () -- C:\user.js
[2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2012.03.20 19:55:18 | 000,223,187 | ---- | M] () -- C:\viuyo.JPG
[2012.03.20 19:55:33 | 000,226,004 | ---- | M] () -- C:\WEAR.JPG
[2012.03.20 19:52:14 | 000,254,187 | ---- | M] () -- C:\yfffff.JPG
[2012.03.20 19:51:55 | 000,276,889 | ---- | M] () -- C:\yu746utrh.JPG
[2012.03.20 19:57:18 | 000,295,366 | ---- | M] () -- C:\[KO.JPG

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004.08.04 02:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004.08.04 02:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004.08.04 02:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004.08.04 02:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004.08.04 02:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004.08.04 02:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004.08.04 02:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004.08.04 02:56:52 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.06.12 23:38:02 | 000,874,384 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC

< End of report >

OTL Extras logfile created on: 14.06.2012 23:19:03 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,64% Memory free
3,85 Gb Paging File | 3,46 Gb Available in Paging File | 89,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 10,84 Gb Free Space | 44,39% Space Free | Partition Type: NTFS
Drive D: | 124,63 Gb Total Space | 8,83 Gb Free Space | 7,09% Space Free | Partition Type: NTFS

Computer Name: PAULZURBAU | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\strong\StrongDC.exe" = D:\strong\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"D:\counyrr\hl.exe" = D:\counyrr\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Paul\Desktop\utorrent.exe" = C:\Documents and Settings\Paul\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Garena Plus\room\garena_room.exe" = C:\Program Files\Garena Plus\room\garena_room.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{083ABCCD-D0A1-4068-A2B1-A4D06E0B9951}" = ESET NOD32 Antivirus
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2EF287-931C-40A0-AAE7-8C00FDB9968A}" = Decipher TextMessage
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Eye 110
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"im" = Garena Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Nero - Burning Rom!UninstallKey" = Ahead Nero 6 Demo
"Opera 12.00.1467" = Opera 12.00
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ULTIMATER" = Microsoft Office Ultimate 2007
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.04.2012 04:22:15 | Computer Name = PAULZURBAU | Source = MsiInstaller | ID = 11713
Description = Product: Microsoft Office Word MUI (English) 2007 -- Error 1713. Setup
cannot install one of the required products for Microsoft Office Word MUI (English)
2007.

Error - 17.04.2012 10:08:46 | Computer Name = PAULZURBAU | Source = Bonjour Service | ID = 100
Description =

Error - 17.04.2012 10:08:46 | Computer Name = PAULZURBAU | Source = Bonjour Service | ID = 100
Description =

Error - 17.04.2012 10:08:46 | Computer Name = PAULZURBAU | Source = Bonjour Service | ID = 100
Description =

Error - 17.04.2012 10:08:48 | Computer Name = PAULZURBAU | Source = Bonjour Service | ID = 100
Description =

Error - 17.04.2012 10:08:48 | Computer Name = PAULZURBAU | Source = Bonjour Service | ID = 100
Description =

Error - 17.04.2012 10:08:48 | Computer Name = PAULZURBAU | Source = Bonjour Service | ID = 100
Description =

Error - 12.05.2012 14:31:16 | Computer Name = PAULZURBAU | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6211.1000, stamp 46d4a7df,
faulting module hpz3r5ha.dll, version 61.71.244.0, stamp 45f91d42, debug? 0, fault
address 0x000467e8.

Error - 12.05.2012 14:53:03 | Computer Name = PAULZURBAU | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6211.1000, stamp 46d4a7df,
faulting module hpz3r5ha.dll, version 61.71.244.0, stamp 45f91d42, debug? 0, fault
address 0x000467e8.

Error - 21.05.2012 06:31:54 | Computer Name = PAULZURBAU | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office PowerPoint.

[ System Events ]
Error - 14.06.2012 10:39:08 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 14.06.2012 16:14:52 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 14.06.2012 16:14:52 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 14.06.2012 16:14:52 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 14.06.2012 16:14:52 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 14.06.2012 16:15:00 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 14.06.2012 16:15:11 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 14.06.2012 16:15:59 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 14.06.2012 16:17:17 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 14.06.2012 16:17:21 | Computer Name = PAULZURBAU | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-14 23:26:03
-----------------------------
23:26:03.296 OS Version: Windows 5.1.2600 Service Pack 2
23:26:03.296 Number of processors: 2 586 0x605
23:26:03.296 ComputerName: PAULZURBAU UserName: Paul
23:26:03.531 Initialize success
23:26:09.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:26:09.515 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-19 Size: 152627MB BusType: 3
23:26:09.531 Disk 0 MBR read successfully
23:26:09.531 Disk 0 MBR scan
23:26:09.531 Disk 0 Windows XP default MBR code
23:26:09.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
23:26:09.531 Disk 0 Partition - 00 0F Extended LBA 127617 MB offset 51199155
23:26:09.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 127617 MB offset 51199218
23:26:09.546 Disk 0 scanning sectors +312560640
23:26:09.625 Disk 0 scanning C:\WINDOWS\system32\drivers
23:26:12.593 Service scanning
23:26:16.859 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:26:18.328 Modules scanning
23:26:22.640 Disk 0 trace - called modules:
23:26:22.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89de51d8]<<
23:26:22.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db9ab8]
23:26:22.718 3 CLASSPNP.SYS[b80e8fcf] -> nt!IofCallDriver -> \Device\00000069[0x89e22d38]
23:26:22.734 5 ACPI.sys[b7e9f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89d83d98]
23:26:22.734 \Driver\atapi[0x89e479f8] -> IRP_MJ_CREATE -> 0x89de51d8
23:26:22.734 Scan finished successfully
23:26:38.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\Desktop\MBR.dat"
23:26:38.125 The log file has been saved successfully to "C:\Documents and Settings\Paul\Desktop\aswMBR.txt"

#6 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

# Step 1 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akbni8kg)
    IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
    IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-73586283-1214440339-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
    [2012.06.13 17:14:18 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [a] C:\Documents and Settings\Paul\Desktop\cmd.exe File not found
    O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [b] C:\Documents and Settings\Paul\Start Menu\Programs\cmd.exe (bathless overgeneralizing)
    O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [c] C:\Documents and Settings\Paul\My Documents\cmd.exe (bathless overgeneralizing)
    O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [d] C:\Documents and Settings\Paul\Favorites\cmd.exe (bathless overgeneralizing)
    O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [e] C:\Documents and Settings\Paul\Start Menu\cmd.exe (bathless overgeneralizing)
    O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [Startup Key] C:\Documents and Settings\Paul\Local Settings\Temp\Name.exe (blU)
    O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\cmd.exe (bathless overgeneralizing)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 33377 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mspvycbrr.exe (Microsoft Corporation)
    [2012.06.13 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012.06.13 17:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit
    [2012.06.12 21:40:11 | 000,072,704 | ---- | C] (blU) -- C:\Documents and Settings\Paul\Application Data\AdobeARP.exe
    [2012.06.12 20:48:12 | 000,077,824 | ---- | C] (gambe grane) -- C:\Documents and Settings\Paul\Application Data\AdobeART.exe
    [2012.06.12 20:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BabylonToolbar
    [2012.06.13 14:17:37 | 000,045,194 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\room_v3.dat
    [2012.06.13 12:50:48 | 000,506,150 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\9757.exe
    [2012.06.12 23:01:36 | 000,499,492 | -HS- | M] () -- C:\Documents and Settings\Paul\Application Data\0059a893.exe
    [2012.06.12 22:53:27 | 000,506,148 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\1417.exe
    [2012.06.12 22:51:10 | 000,499,492 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\7406.exe
    [2012.06.12 19:34:11 | 000,506,148 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\8000.exe

    :Commands
    [CREATERESTOREPOINT]

    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #

Please download Malwarebytes' Anti-Malware.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

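The fix script above is a hand-picked list, and a reader cannot see from it how the helper decided what to pull. As an added example (not part of the thread, and not OTL's code), the same judgement is written out in Python over the O4/O6 autostart and new-file lines from that script: flag an autorun whose target is already gone, an executable living in a user-writable profile folder, a Windows binary name such as cmd.exe outside the Windows directory, a Microsoft publisher string on a file sitting in Temp, a bare hex file name, and hidden+system attributes. The regular expressions assume OTL's text layout as it appears in this post, not a documented format; the single benign O4 line for ESET's egui.exe is constructed as a control and is not from the log.

```python
import re
from typing import Optional

# Sample input: O4/O6 autostart and new-file entries copied from the OTL fix
# script above, plus one CONSTRUCTED benign O4 line (ESET's egui.exe) as a control.
SAMPLE_LINES = [
    r"O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [a] C:\Documents and Settings\Paul\Desktop\cmd.exe File not found",
    r"O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [b] C:\Documents and Settings\Paul\Start Menu\Programs\cmd.exe (bathless overgeneralizing)",
    r"O4 - HKU\S-1-5-21-73586283-1214440339-682003330-1003..\Run: [Startup Key] C:\Documents and Settings\Paul\Local Settings\Temp\Name.exe (blU)",
    r"O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\cmd.exe (bathless overgeneralizing)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 33377 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mspvycbrr.exe (Microsoft Corporation)",
    r"[2012.06.12 23:01:36 | 000,499,492 | -HS- | M] () -- C:\Documents and Settings\Paul\Application Data\0059a893.exe",
    r"[2012.06.12 20:48:12 | 000,077,824 | ---- | C] (gambe grane) -- C:\Documents and Settings\Paul\Application Data\AdobeART.exe",
    r"O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)",  # constructed control
]

# Assumed layout of an OTL autostart line: "O4/O6 - <key>: [<name>] <path> (<publisher>)",
# "O6 ... : <value> = <path> (<publisher>)", or "<path> File not found".
AUTORUN_RE = re.compile(
    r"^O[46] - (?P<key>.+?): "
    r"(?:\[(?P<name>[^\]]+)\] |(?P<value>\S+) = )?"
    r"(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|com|bat|cmd))"
    r"(?: \((?P<publisher>[^)]*)\)| (?P<missing>File not found))?$",
    re.IGNORECASE,
)
# Assumed layout of an OTL file entry: "[<date> <time> | <size> | <attrs> | C/M] (<publisher>) -- <path>".
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$"
)

# Profile locations a standard user can write to; nothing that autostarts should live here.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\desktop\\", "\\my documents\\",
                 "\\favorites\\", "\\start menu\\")
# Windows binary names malware borrows to blend in; the genuine ones live under C:\WINDOWS.
WINDOWS_BINARIES = {"cmd.exe", "calc.exe", "rundll32.exe", "svchost.exe", "explorer.exe"}
# Bare numeric/hex names such as 9757.exe or 0059a893.exe (heuristic chosen for this example).
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{4,8}\.exe$", re.IGNORECASE)


def parse(line: str) -> Optional[dict]:
    """Turn one OTL O4/O6 or file-listing line into a dict, or None if unrecognised."""
    m = AUTORUN_RE.match(line)
    if m:
        return {"kind": "autorun", "key": m["key"], "name": m["name"] or m["value"] or "",
                "path": m["path"], "publisher": (m["publisher"] or "").strip(),
                "missing": m["missing"] is not None, "attrs": ""}
    m = FILE_RE.match(line)
    if m:
        return {"kind": "file", "key": "", "name": "", "path": m["path"],
                "publisher": (m["publisher"] or "").strip(), "missing": False, "attrs": m["attrs"]}
    return None


def triage(entry: dict) -> list:
    """Return the reasons an entry looks suspicious; an empty list means clean."""
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    if entry["missing"]:
        reasons.append("autorun points at a file that no longer exists")
    if any(seg in path for seg in USER_WRITABLE):
        reasons.append("executable in a user-writable profile location")
    if base in WINDOWS_BINARIES and not path.startswith("c:\\windows\\"):
        reasons.append("Windows binary name outside the Windows directory")
    if "microsoft" in entry["publisher"].lower() and not path.startswith(("c:\\windows\\", "c:\\program files\\")):
        reasons.append("claims Microsoft as publisher from a non-Microsoft path")
    if RANDOM_NAME_RE.match(base):
        reasons.append("random numeric/hex file name")
    if "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("hidden and system attributes set")
    return reasons


def triage_lines(lines):
    """Parse every line and return [(path, reasons)] for entries with at least one reason."""
    findings = []
    for line in lines:
        entry = parse(line)
        if entry and (reasons := triage(entry)):
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage_lines(SAMPLE_LINES):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as-is, it lists the seven entries from the fix script with their reasons and stays silent on the egui.exe control. The heuristics are deliberately cheap: each one alone produces false positives (plenty of legitimate software autostarts from Application Data), so they are meant to rank what a helper looks at first, not to decide for them.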

#7 Zurby (Topic Starter, New Member, 5 posts)

Did all that right now!

========== OTL ==========
Error: No service named akbni8kg was found to stop!
Service\Driver key akbni8kg not found.
HKU\S-1-5-21-73586283-1214440339-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Folder C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\a not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\b not found.
File C:\Documents and Settings\Paul\Start Menu\Programs\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\c not found.
File C:\Documents and Settings\Paul\My Documents\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\d not found.
File C:\Documents and Settings\Paul\Favorites\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\e not found.
File C:\Documents and Settings\Paul\Start Menu\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-73586283-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Startup Key not found.
File C:\Documents and Settings\Paul\Local Settings\Temp\Name.exe not found.
File C:\Documents and Settings\Paul\Start Menu\Programs\Startup\cmd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\33377 not found.
File C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mspvycbrr.exe not found.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Paul\Local Settings\Application Data\Conduit folder moved successfully.
File C:\Documents and Settings\Paul\Application Data\AdobeARP.exe not found.
C:\Documents and Settings\Paul\Application Data\AdobeART.exe moved successfully.
C:\Documents and Settings\Paul\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Paul\Application Data\room_v3.dat moved successfully.
C:\Documents and Settings\Paul\Application Data\9757.exe moved successfully.
C:\Documents and Settings\Paul\Application Data\0059a893.exe moved successfully.
C:\Documents and Settings\Paul\Application Data\1417.exe moved successfully.
C:\Documents and Settings\Paul\Application Data\7406.exe moved successfully.
C:\Documents and Settings\Paul\Application Data\8000.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06162012_022504

#8 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

You forgot to post the MalwareBytes' Anti-Malware log.

Do this. :thumbsup:

#9 Zurby (Topic Starter, New Member, 5 posts)

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Paul :: PAULZURBAU [administrator]

Protection: Disabled

16.06.2012 02:47:41
mbam-log-2012-06-16 (02-47-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292716
Time elapsed: 32 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\System Volume Information\_restore{D5BDDA78-B63A-4445-952E-16D4CF827601}\RP111\A0089273.exe (PUP.HackTool.ACGen) -> No action taken.
C:\System Volume Information\_restore{D5BDDA78-B63A-4445-952E-16D4CF827601}\RP112\A0089352.exe (PUP.HackTool.ACGen) -> No action taken.
C:\System Volume Information\_restore{D5BDDA78-B63A-4445-952E-16D4CF827601}\RP109\A0087014.exe (PAssword.Tool) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65C0212C-FB80-4A23-AEFD-B42E048ECCD8}\RP245\A0138836.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65C0212C-FB80-4A23-AEFD-B42E048ECCD8}\RP245\A0147543.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65C0212C-FB80-4A23-AEFD-B42E048ECCD8}\RP245\A0147567.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{E93D1DD4-8E0C-461E-A3E9-1EFFF56EBF8B}\RP97\A0112178.dll (Trojan.Agent.H) -> Quarantined and deleted successfully.
D:\utorrent dlds\tw2\The.Godfather.Trilogy.1972-1990.BRRip.XviD.AC3.D-ZON3\The.Godfather.II.1974.BRRip.XViD.AC3.D-Z0N3\áĹéÇł=ćŤć (Trojan.Agent) -> Quarantined and deleted successfully.
D:\utorrent dlds\tw2\The.Godfather.Trilogy.1972-1990.BRRip.XviD.AC3.D-ZON3\The.Godfather.III.1990.BRRip.XViD.AC3.D-Z0N3\áĹéÇł=ćŤć (Trojan.Agent) -> Quarantined and deleted successfully.
D:\utorrent dlds\tw2\Nero.7.7.5.1.Ultra-NoGrp\KeyGen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

Edited by Zurby, 22 June 2012 - 07:23 AM.

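Two details in the log above matter for the follow-up: the two PUP.HackTool.ACGen hits were left at "No action taken", and seven of the ten files are System Restore copies under System Volume Information, which a later restore would bring back unless old restore points are purged once the machine is clean. As an added example (not part of the thread, and not Malwarebytes' code), here is a parser over the "Files Detected" lines, embedded verbatim, that separates handled from unhandled detections and restore-point copies from live files, and turns that into the follow-up notes a helper would want before closing the case. The line layout it assumes ("<path> (<detection>) -> <action>.") is read off this log, not taken from any Malwarebytes documentation.

```python
import re
from collections import Counter

# Sample input: the ten "Files Detected" lines from the Malwarebytes log above, verbatim.
MBAM_FILES = [
    r"C:\System Volume Information\_restore{D5BDDA78-B63A-4445-952E-16D4CF827601}\RP111\A0089273.exe (PUP.HackTool.ACGen) -> No action taken.",
    r"C:\System Volume Information\_restore{D5BDDA78-B63A-4445-952E-16D4CF827601}\RP112\A0089352.exe (PUP.HackTool.ACGen) -> No action taken.",
    r"C:\System Volume Information\_restore{D5BDDA78-B63A-4445-952E-16D4CF827601}\RP109\A0087014.exe (PAssword.Tool) -> Quarantined and deleted successfully.",
    r"D:\System Volume Information\_restore{65C0212C-FB80-4A23-AEFD-B42E048ECCD8}\RP245\A0138836.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.",
    r"D:\System Volume Information\_restore{65C0212C-FB80-4A23-AEFD-B42E048ECCD8}\RP245\A0147543.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.",
    r"D:\System Volume Information\_restore{65C0212C-FB80-4A23-AEFD-B42E048ECCD8}\RP245\A0147567.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.",
    r"D:\System Volume Information\_restore{E93D1DD4-8E0C-461E-A3E9-1EFFF56EBF8B}\RP97\A0112178.dll (Trojan.Agent.H) -> Quarantined and deleted successfully.",
    r"D:\utorrent dlds\tw2\The.Godfather.Trilogy.1972-1990.BRRip.XviD.AC3.D-ZON3\The.Godfather.II.1974.BRRip.XViD.AC3.D-Z0N3\áĹéÇł=ćŤć (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"D:\utorrent dlds\tw2\The.Godfather.Trilogy.1972-1990.BRRip.XviD.AC3.D-ZON3\The.Godfather.III.1990.BRRip.XViD.AC3.D-Z0N3\áĹéÇł=ćŤć (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"D:\utorrent dlds\tw2\Nero.7.7.5.1.Ultra-NoGrp\KeyGen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.",
]

# Assumed line layout: "<path> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# System Restore copies: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_detection(line):
    """Split one result line into path, detection, action, and restore-point info (None if no match)."""
    m = DETECTION_RE.match(line)
    if not m:
        return None
    rp = RESTORE_RE.match(m["path"])
    return {
        "path": m["path"],
        "detection": m["detection"],
        "action": m["action"],
        # Anything not quarantined/deleted is still on disk as far as this log shows.
        "handled": m["action"].lower().startswith("quarantined"),
        "restore_drive": rp["drive"].upper() if rp else None,
        "restore_point": int(rp["rp"]) if rp else None,
    }


def summarize(lines):
    """Aggregate parsed detections: what was handled, what was skipped, what lives in restore points."""
    entries = [e for e in (parse_detection(line) for line in lines) if e]
    return {
        "total": len(entries),
        "handled": sum(e["handled"] for e in entries),
        "unhandled": [e for e in entries if not e["handled"]],
        "restore_point_items": [e for e in entries if e["restore_drive"]],
        "restore_drives": sorted({e["restore_drive"] for e in entries if e["restore_drive"]}),
        "by_detection": Counter(e["detection"] for e in entries),
    }


def follow_up(summary):
    """Plain-language follow-ups derived from the summary."""
    notes = []
    if summary["unhandled"]:
        names = sorted({e["detection"] for e in summary["unhandled"]})
        notes.append(f"{len(summary['unhandled'])} detection(s) left at 'No action taken' ({', '.join(names)}): "
                     "re-run with them checked, or record why they are being kept")
    if summary["restore_point_items"]:
        notes.append(f"{len(summary['restore_point_items'])} item(s) are System Restore copies on drive(s) "
                     f"{', '.join(summary['restore_drives'])}: purge old restore points once the system is clean, "
                     "otherwise a restore can bring them back")
    live = summary["total"] - len(summary["restore_point_items"])
    if live:
        notes.append(f"{live} detection(s) were live files outside restore points")
    return notes


if __name__ == "__main__":
    s = summarize(MBAM_FILES)
    for name, count in s["by_detection"].most_common():
        print(f"{count:2d}  {name}")
    for note in follow_up(s):
        print("*", note)
```

On this log the summary is 10 detections, 8 handled, 2 skipped, 7 of them restore-point copies spread over C: and D:, and 3 live files, all under the torrent download folder; the follow-up notes are the three points a helper would raise in the next reply.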

#10 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Hi,

How is your computer?

# Step 1 #
  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

# Step 2 #

Please reopen Malwarebytes' Anti-Malware.

  • Go to the Updates tab and click Download Update. If there's an update, allow MBAM to update its database.
  • Now click on the Verify tab and select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
