Virus, infection Notepad results, resubmitting as requested.



Post by Gemini on 4th May 2010, 4:08 pm

OTL logfile created on: 4/29/2010 9:23:53 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Jane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 154.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.89 Gb Total Space | 8.85 Gb Free Space | 26.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.56 Gb Total Space | 1.08 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-ZE8CXVR8TT
Current User Name: Jane
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/29 09:20:49 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
PRC - [2010/04/04 09:51:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2010/04/29 09:20:49 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SPTISRV)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (PACSPTISVR)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (LogMeIn)
SRV - File not found [Disabled | Stopped] -- -- (Apache)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/09 20:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/09 13:52:41 | 000,145,504 | ---- | M] (B.H.A Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/09/09 13:52:42 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2005/08/02 14:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\npf.sys -- (NPF)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv4)
DRV - [2004/08/03 22:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/07/20 15:13:57 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2004/03/12 22:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 22:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2002/07/23 09:01:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/07/23 09:01:34 | 000,011,935 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV11NT.sys -- (iAimFP8)
DRV - [2002/07/23 09:01:32 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2002/07/23 09:01:32 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2002/07/23 09:01:32 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2002/07/23 09:01:30 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2002/07/23 09:01:30 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/07/23 09:01:28 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2002/07/23 09:01:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2002/07/23 09:01:28 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2002/07/23 09:01:26 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2002/07/23 09:01:26 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2002/07/23 09:01:24 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2002/07/23 09:01:22 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2002/07/23 09:01:22 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2002/07/23 09:01:20 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/07/10 14:53:34 | 000,105,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\ICAM5D2.sys -- (ICAM5USB) Intel(r)
DRV - [2001/06/04 07:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,srch-ca3 Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: _{87766247-311C-43B4-8499-3D5FEC94A183} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/18 14:19:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 09:55:57 | 000,000,000 | ---D | M]

[2008/12/19 13:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions
[2010/04/28 09:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\8mop5cj9.default\extensions
[2009/09/03 09:49:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\8mop5cj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/18 10:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\8mop5cj9.default\extensions\nosquint@urandom.ca
[2010/04/28 12:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 09:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/28 09:55:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/03/09 18:52:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: machine name denoted by a '#' symbol.
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - No CLSID value found.
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - No CLSID value found.
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - No CLSID value found.
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - No CLSID value found.
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - Startup: C:\Documents and Settings\Jane\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: coastcapitalsavings.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: manchestereveningnews.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: skincell.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: topproduceronline.com ([www] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} [You must be registered and logged in to see this link.] (Malicious Software Removal Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [You must be registered and logged in to see this link.] (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [You must be registered and logged in to see this link.] (MSN Chat Control 4.5)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.144.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.208,93.188.161.30
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/09/04 20:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2004/04/16 15:27:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\SYSTEM32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\SYSTEM32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBA4B875-B01D-4141-0AB3-553C9B70BDDD} - NetShow
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: MSACM.G723 - C:\WINDOWS\System32\G723.ACM (Intel Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS [You must be registered and logged in to see this link.]
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP50 - vp5vfw.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\SYSTEM32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\SYSTEM32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll ([link omitted])

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/29 09:20:24 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
[2010/04/29 09:16:34 | 027,386,256 | ---- | C] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
[2010/04/29 09:05:43 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Jane\JavaRa.exe
[2010/04/29 09:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Desktop\JavaRa
[2010/04/28 09:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/28 09:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/28 09:55:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/28 09:55:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/28 09:55:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/28 09:55:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/28 09:55:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/28 09:49:32 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jane\Desktop\jre-6u20-windows-i586.exe
[2010/04/24 12:54:43 | 056,192,496 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Jane\Desktop\shawsecure-[A3UT-YN47-JZLB-7FTM-AVCV].exe
[2010/04/23 19:35:59 | 000,447,784 | ---- | C] (Shaw Communications) -- C:\Documents and Settings\Jane\Desktop\shaw test for space.exe
[2010/04/23 14:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/04/05 19:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Desktop\Me.jpg
[2010/03/31 19:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\My Documents\Downloads
[2003/05/20 14:51:25 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2003/05/20 14:51:25 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[5 C:\Documents and Settings\Jane\My Documents\*.tmp files -> C:\Documents and Settings\Jane\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/29 09:35:45 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18441E2E-5357-45DD-B4A8-11F84F05DECD}.job
[2010/04/29 09:20:49 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
[2010/04/29 09:20:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/29 09:18:18 | 027,386,256 | ---- | M] ( ) -- C:\Program Files\AdbeRdr930_en_US.exe
[2010/04/29 08:59:02 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\JavaRa.zip
[2010/04/29 08:47:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/28 20:10:44 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/28 12:13:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/28 11:00:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/28 10:21:39 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/28 09:55:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/28 09:55:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/28 09:55:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/28 09:55:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/28 09:54:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/28 09:49:50 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jane\Desktop\jre-6u20-windows-i586.exe
[2010/04/28 09:47:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 09:35:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/28 09:34:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 09:34:19 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/27 22:24:06 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Jane\NTUSER.DAT
[2010/04/27 22:24:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jane\ntuser.ini
[2010/04/24 13:20:02 | 056,192,496 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Jane\Desktop\shawsecure-[A3UT-YN47-JZLB-7FTM-AVCV].exe
[2010/04/23 19:36:13 | 000,447,784 | ---- | M] (Shaw Communications) -- C:\Documents and Settings\Jane\Desktop\shaw test for space.exe
[2010/04/23 19:22:04 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\SHAW SECURE SCAN.doc
[2010/04/15 20:12:34 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\History 232-234 Michigan.doc
[2010/03/31 19:34:22 | 000,111,057 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\setup.exe
[5 C:\Documents and Settings\Jane\My Documents\*.tmp files -> C:\Documents and Settings\Jane\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/29 08:58:42 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\JavaRa.zip
[2010/04/23 19:22:04 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\SHAW SECURE SCAN.doc
[2010/03/31 19:34:01 | 000,111,057 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\setup.exe
[2008/09/30 17:24:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudioDVD.INI
[2008/08/31 12:14:57 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Apollo Audio DVD Creator.INI
[2008/08/30 16:07:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
[2008/07/10 20:07:11 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/01/15 18:51:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/24 13:11:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2007/12/24 13:11:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\sslzdlt.dll
[2007/09/06 16:36:08 | 000,000,413 | ---- | C] () -- C:\WINDOWS\MP3trtg.ini
[2007/09/06 13:22:34 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\ammpp.dll
[2007/09/06 13:22:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/09/06 13:22:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\a1.dll
[2007/09/06 13:22:33 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
[2007/09/06 13:22:33 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\amrdec.dll
[2007/09/06 13:22:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qcpsdk.dll
[2007/03/21 20:16:43 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll
[2007/03/21 16:05:26 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/03/21 16:05:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/03/21 16:05:26 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/03/21 16:05:25 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/09/28 13:55:12 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\xsa2.dll
[2006/09/01 16:10:15 | 000,000,351 | ---- | C] () -- C:\WINDOWS\MP3trt.ini
[2006/05/19 15:03:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\shellgui32.dll
[2006/05/18 16:44:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\runsrv32.dll
[2006/05/17 21:58:13 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\udpmod.dll
[2006/05/17 21:58:13 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\questmod.dll
[2006/05/17 21:58:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\Pynix.dll
[2006/05/17 21:58:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\jao.dll
[2006/05/17 21:58:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\dlmax.dll
[2006/05/17 21:58:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\ZServ.dll
[2006/05/17 21:58:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\txfdb32.dll
[2006/05/17 21:58:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\BTGrab.dll
[2006/05/17 21:58:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\dailytoolbar.dll
[2006/05/17 21:58:09 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alxtb1.dll
[2006/05/17 21:58:09 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\alxres.dll
[2006/05/17 21:58:09 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alxie328.dll
[2006/05/17 21:58:09 | 000,008,192 | ---- | C] () -- C:\WINDOWS\alexaie.dll
[2006/05/16 16:16:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/15 21:18:01 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\zlbw.dll
[2005/09/27 13:17:38 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/09/27 13:17:07 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2005/09/27 13:17:07 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2005/09/27 11:47:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\h263test.ini
[2005/09/27 11:45:14 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\InetIPLM6.dll
[2005/09/27 11:45:14 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\InetIPLP6.dll
[2005/09/27 11:45:14 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\InetIPLPX.dll
[2005/09/27 11:45:14 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\InetIPLP5.dll
[2005/09/27 11:45:13 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\InetIPLA6.dll
[2005/09/27 11:45:13 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\InetIPLM5.dll
[2005/09/27 11:45:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\InetIPL.dll
[2005/09/27 11:44:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/08/19 13:45:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ambiance.INI
[2005/08/02 14:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/06/17 22:56:52 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/04/15 14:41:17 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\vv24ebl6.ini
[2005/04/15 14:41:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\v5iva69c.ini
[2005/04/15 14:41:11 | 000,003,506 | ---- | C] () -- C:\WINDOWS\System32\6eq03bbe.ini
[2005/04/12 12:14:15 | 000,000,301 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2005/04/11 16:14:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/18 21:32:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2004/10/20 14:52:26 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\FBC452024D.sys
[2004/10/20 14:52:25 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/09/01 08:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/11 09:52:27 | 000,081,972 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/07/19 14:59:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\PestPatrol.ini
[2004/05/07 18:37:50 | 000,000,008 | ---- | C] () -- C:\WINDOWS\arc3dtext.ini
[2004/03/15 19:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/09/15 14:55:51 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/09/15 14:54:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2003/09/15 14:54:29 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2003/09/14 15:33:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/06 07:25:54 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DJFLNOIJ.ini
[2003/08/05 16:10:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/08/04 15:24:10 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2003/08/04 15:24:09 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/08/04 15:23:40 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/07/10 16:49:18 | 000,000,493 | ---- | C] () -- C:\WINDOWS\my.ini
[2003/07/09 14:48:18 | 000,012,359 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/06/24 07:14:07 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/06/14 17:49:04 | 000,001,447 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2003/05/20 15:09:07 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/03/04 12:35:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/09/12 17:35:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/09/05 01:40:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/09/05 01:34:51 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/09/05 01:12:57 | 000,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/09/05 01:12:57 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/09/05 01:12:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/09/05 00:51:32 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/09/05 00:51:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/09/05 00:51:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/09/04 20:18:27 | 000,000,775 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/09/04 20:08:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/09/04 20:01:02 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/17 13:51:56 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2000/11/15 19:00:00 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\Canon456.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/08/23 11:33:24 | 000,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys

< %systemroot%\System32\config\*.sav >
[2001/09/04 13:04:09 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2001/09/04 13:04:09 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2001/09/04 13:04:08 | 000,385,024 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/17 13:31:52 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ansi.sys
[2001/08/17 13:31:58 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\country.sys
[2004/10/20 14:52:35 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\SYSTEM32\FBC452024D.sys
[2001/08/17 13:31:50 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\himem.sys
[2001/08/17 13:31:58 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\key01.sys
[2004/08/03 22:46:54 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\keyboard.sys
[2004/10/20 14:52:35 | 000,001,890 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
[2001/08/17 13:31:44 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos.sys
[2001/08/17 13:31:48 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos404.sys
[2001/08/17 13:31:48 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos411.sys
[2001/08/17 13:31:52 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos412.sys
[2001/08/17 13:31:46 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos804.sys
[2004/08/03 22:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio.sys
[2004/08/03 22:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio404.sys
[2004/08/03 22:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio411.sys
[2004/08/03 22:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio412.sys
[2004/08/03 22:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio804.sys
[2001/07/25 15:48:46 | 000,009,876 | ---- | M] () -- C:\WINDOWS\SYSTEM32\usbbc.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2009/08/14 06:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2002/07/23 09:01:28 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv01nt5.dll
[2002/07/23 09:01:30 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv02nt5.dll
[2002/07/23 09:01:30 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv05nt5.dll
[2002/07/23 09:01:30 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv07nt5.dll
[2002/07/23 09:01:32 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv08nt5.dll
[2002/07/23 09:01:32 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv09nt5.dll
[2002/07/23 09:01:34 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\adv11nt5.dll
[2002/07/23 09:01:22 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\atv01nt5.dll
[2002/07/23 09:01:22 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\atv02nt5.dll
[2002/07/23 09:01:24 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\atv04nt5.dll
[2002/07/23 09:01:24 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\atv06nt5.dll
[2002/07/23 09:01:26 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\atv10nt5.dll
[2002/07/23 09:01:20 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\Ch7xxNT5.dll
[2002/07/23 09:01:26 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\SiInt5.dll
[2001/07/03 20:39:00 | 000,003,654 | ---- | M] () -- C:\WINDOWS\SYSTEM32\drivers\Sonyhcp.dll
[2002/07/23 09:01:28 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\drivers\Vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2004/10/07 16:03:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/11/25 13:42:18 | 000,334,792 | ---- | M] () -- C:\amt1
[2008/10/10 09:23:21 | 000,004,699 | ---- | M] () -- C:\areas.tab
[2008/10/10 09:23:21 | 000,006,567 | ---- | M] () -- C:\areas2.tab
[2001/09/04 20:13:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/21 18:11:07 | 000,052,641 | ---- | M] () -- C:\avi_log.txt
[2004/09/29 09:06:05 | 000,000,203 | RHS- | M] () -- C:\BOOT.INI
[2001/09/04 20:13:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/25 08:56:31 | 000,004,401 | ---- | M] () -- C:\data
[2005/08/19 08:09:11 | 000,000,071 | ---- | M] () -- C:\disk.txt
[2008/10/10 09:23:21 | 000,030,631 | ---- | M] () -- C:\features.tab
[2001/09/12 17:31:27 | 000,006,800 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/04/28 09:34:19 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/23 09:44:43 | 000,320,064 | ---- | M] () -- C:\Image Resizer Powertoy for Windows XP.msi
[2005/08/30 07:53:28 | 000,000,759 | ---- | M] () -- C:\INSTALL.LOG
[2001/09/04 20:13:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/29 09:12:02 | 000,000,729 | ---- | M] () -- C:\JavaRa.log
[2005/05/10 12:12:53 | 000,020,946 | ---- | M] () -- C:\log.txt
[2008/10/10 09:23:21 | 000,000,446 | ---- | M] () -- C:\mareas.tab
[2005/11/22 19:28:39 | 000,000,000 | ---- | M] () -- C:\mcaf.log
[2001/09/04 20:13:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/29 08:42:29 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/22 14:16:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/28 09:34:15 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2005/06/24 10:29:28 | 000,000,092 | ---- | M] () -- C:\ResumeOmgApDeliveryMgrCntrl_SonicStage_EmdDownloadObj.dmf
[2004/10/24 15:29:04 | 000,025,088 | ---- | M] () -- C:\Revenue Canada Child Tax.doc
[2008/10/10 09:23:21 | 000,094,454 | ---- | M] () -- C:\srchtree.tab
[2008/08/30 16:07:57 | 000,004,676 | ---- | M] () -- C:\StarBurn.log
[2005/12/14 13:20:07 | 000,019,456 | -HS- | M] () -- C:\Thumbs.db
[2007/11/03 12:34:41 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2007/08/25 15:58:19 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2008/09/10 16:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/08/30 21:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2005/07/23 12:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/03/14 09:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\AnVir Task Manager
[2008/07/10 20:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2009/11/28 15:19:05 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2008/03/18 09:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent_DNA
[2008/09/09 21:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/19 20:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/04/28 09:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/05/13 15:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\CoreCodec
[2003/05/20 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\D-Tools
[2008/07/19 16:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\Directory Lister
[2003/06/14 17:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/03/20 10:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Diskeeper Corporation
[2005/03/10 19:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/08/30 10:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2010/04/28 18:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\Eudora
[2006/03/02 12:33:29 | 000,000,000 | ---D | M] -- C:\Program Files\Eudora2
[2010/04/14 15:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/10/14 21:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2004/04/16 15:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\HP Instant Support
[2008/03/06 18:57:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/09/27 13:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2003/05/19 17:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliTamper
[2005/05/19 11:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Intelore
[2010/01/22 09:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/29 09:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/08/23 09:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/07/30 17:59:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2005/11/29 13:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\MessengerPlus! 3ss
[2009/09/15 13:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2004/04/16 15:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2003/05/20 15:06:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/05/10 12:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/10/05 17:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2006/03/02 12:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\ML Pics
[2010/03/10 09:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/07 16:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2004/04/16 15:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/04/16 15:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/09/15 13:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2008/11/13 09:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/08 12:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2007/05/20 15:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/28 23:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\Nero2
[2008/08/22 14:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/07/19 09:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\Norton
< End of report >

Gemini
Novice

Posts : 23
Joined : 2009-09-10
Gender : Female
OS : XP
Protection : Avast
Points : 26675
# Likes : 0


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 4th May 2010, 4:09 pm

Next bit:

[2009/07/21 09:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/08/12 08:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/04/01 09:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/14 09:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Software Informer
[2009/09/28 10:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2010/03/29 13:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\SoulseekNS
[2005/11/24 10:28:56 | 000,000,000 | ---D | M] -- C:\Program Files\Top Producer
[2004/07/19 10:40:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2004/09/03 11:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2007/01/05 12:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/09/15 13:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/15 13:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/08/08 13:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/08/09 09:24:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/22 14:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2001/06/28 17:06:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/05/11 15:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/03/14 12:55:16 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Registry Cleaner
[2010/04/23 19:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\xchat
[2004/04/16 15:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/04/23 19:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\XviD
[2008/09/10 16:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Your Uninstaller 2006

< %appdata%\*.* >
[2001/09/04 13:05:08 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Jane\Application Data\desktop.ini
[2004/08/07 21:05:10 | 000,003,262 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Stop Popup Ads Now.ico


< MD5 for: AGP440.SYS >
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/09/28 21:14:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/08/22 09:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-11 17:05:13

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0

Gemini
Novice

Posts : 23
Joined : 2009-09-10
Gender : Female
OS : XP
Protection : Avast
Points : 26675
# Likes : 0


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 4th May 2010, 4:10 pm

OTL Extras
OTL Extras logfile created on: 4/29/2010 9:23:53 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Jane\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 154.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.89 Gb Total Space | 8.85 Gb Free Space | 26.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.56 Gb Total Space | 1.08 Gb Free Space | 1.45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-ZE8CXVR8TT
Current User Name: Jane
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- Reg Error: Value error.
Directory [Winamp.Enqueue] -- Reg Error: Value error.
Directory [Winamp.Play] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- File not found
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.968\i love this game\YHub.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.968\i love this game\YHub.exe:*:Enabled:YHub -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- File not found
"C:\Documents and Settings\Owner\Desktop\RANDOM JUNK\Graffiti Studio\Graffiti Studio.exe" = C:\Documents and Settings\Owner\Desktop\RANDOM JUNK\Graffiti Studio\Graffiti Studio.exe:*:Enabled:Macromedia Projector -- (Macromedia, Inc.)
"E:\DOWNLOADS\SITE STUFF\GRAFFITI VIDEOS\graffiti_studio\Graffiti Studio\Graffiti Studio.exe" = E:\DOWNLOADS\SITE STUFF\GRAFFITI VIDEOS\graffiti_studio\Graffiti Studio\Graffiti Studio.exe:*:Enabled:Macromedia Projector -- File not found
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Documents and Settings\Owner\Desktop\RANDOM JUNK\graffiti_studio\Graffiti Studio\Graffiti Studio.exe" = C:\Documents and Settings\Owner\Desktop\RANDOM JUNK\graffiti_studio\Graffiti Studio\Graffiti Studio.exe:*:Enabled:Macromedia Projector -- File not found
"C:\Program Files\Infopulse\GateKeeper 4.7\GKAccess.exe" = C:\Program Files\Infopulse\GateKeeper 4.7\GKAccess.exe:*:Enabled:Proxy-Pro GateKeeper access program -- File not found
"C:\Program Files\Fulldls Torrent\Fulldls.exe" = C:\Program Files\Fulldls Torrent\Fulldls.exe:*:Enabled:Fulldls Torrent -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\xchat2\xchat.exe" = C:\Program Files\xchat2\xchat.exe:*:Enabled:xchat -- File not found
"C:\Program Files\Symantec\pcAnywhere\Winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable -- File not found
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service -- File not found
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- File not found
"%windir%\system32\ccapp.exe" = %windir%\system32\ccapp.exe:*:Enabled:System Process -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- File not found
"C:\Program Files\Real\RealPlayer\trueplay.exe" = C:\Program Files\Real\RealPlayer\trueplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:dna -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1419E288-0C5E-4031-91B6-758658410070}" = Eudora
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9F2540-DD55-42FB-8EB6-5508EEC54013}" = TMPGEnc DVD Author 3 with DivX Authoring
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D912230-46CF-11D5-99B7-00105AA4866C}" = Ambiance
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.00
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8847BC04-5F64-45B3-ABF9-7FDD1D09FC2C}" = Eudora
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9496E9E4-F20A-11D4-8EAA-00062973342B}" = Intel® Create & Share® Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF28FAC-101D-4F03-8F95-B99396C5AA9D}" = LC4
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F20D1291-9FB8-46B1-BE46-6282F93C20E8}" = Registry Cleaner Pro
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AnVir Task Manager" = AnVir Task Manager
"Audio DVD Creator_is1" = Audio DVD Creator 1.9.1.0
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Directory Lister_is1" = Directory Lister v0.9
"Google Updater" = Google Updater
"HP Instant Support" = HP Instant Support
"HTPE3" = HyperTerminal Private Edition v6.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Inactive HP ScanJet Drivers (Remove only)" = Inactive HP ScanJet Drivers (Remove only)
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"LiveReg" = LiveReg (Symantec Corporation)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 3.16
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Photo Center" = My Photo Center
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero7Lite_is1" = Nero 7 Lite 7.7.5.1
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Registry Cleaner Pro" = Registry Cleaner Pro
"Software Informer_is1" = Software Informer 1.0 BETA
"Soulseek2" = SoulSeek 157 NS 13e
"The Core Media Player" = The Core Media Player 4.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.12
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Wizard Deluxe" = Word Wizard Deluxe
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xchat" = X-Chat 2 (Official) (remove only)
"XviD" = XviD Video Codec 24062003-1 (Koepi's developer build)
"XviDDec" = Nic's XviD Decoder
"Your Uninstaller! 2006_is1" = Your Uninstaller! 2006 Version 5

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/18/2001 4:50:09 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 6/16/2007 6:01:16 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: Aavm: FetchGlobalCounters cannot open mapping
- server DOWN???, 00000002.

Error - 4/5/2008 10:10:19 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 4/6/2008 1:19:07 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 4/7/2008 11:32:57 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 6/10/2008 11:09:28 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\101MSDCF\DSC03092.JPG failed, 0000A420.

Error - 8/11/2008 1:50:26 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\101MSDCF\DSC02956.JPG failed, 0000001E.

Error - 3/26/2009 5:40:26 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\101MSDCF\DSC03793.JPG failed, 0000001E.

Error - 4/25/2009 7:15:50 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\101MSDCF\DSC03712.JPG failed, 0000001E.

Error - 4/29/2009 7:38:43 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\101MSDCF\DSC03818.JPG failed, 0000001E.

[ Application Events ]
Error - 3/17/2010 9:41:16 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/17/2010 9:41:16 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/17/2010 9:41:17 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/17/2010 9:41:17 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/25/2010 11:55:58 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 3/25/2010 9:49:06 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 4/2/2010 1:01:06 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 4/4/2010 1:20:41 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 4/23/2010 5:28:47 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 4/24/2010 10:01:20 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/26/2010 12:11:30 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/26/2010 1:36:22 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/26/2010 6:25:24 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/27/2010 11:27:51 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/27/2010 11:27:51 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/27/2010 11:30:18 AM | Computer Name = YOUR-ZE8CXVR8TT | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/28/2010 12:34:30 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/28/2010 12:34:30 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 4/28/2010 12:35:33 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/28/2010 1:36:27 PM | Computer Name = YOUR-ZE8CXVR8TT | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Gemini
Novice

Posts : 23
Joined : 2009-09-10
Gender : Female
OS : XP
Protection : Avast
Points : 26675
# Likes : 0


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 4th May 2010, 10:20 pm

Hello.

  • Download combofix from here

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 10th May 2010, 6:13 pm

Hi, I don't think it was done properly as the Windows Recovery Console wouldn't download although I thought it had. Here is the log result:
ComboFix 10-05-09.08 - Jane 05/10/2010 10:01:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.227 [GMT -7:00]
Running from: c:\documents and settings\Jane\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100510-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
C:\Thumbs.db
c:\windows\alexaie.dll
c:\windows\alxie328.dll
c:\windows\alxtb1.dll
c:\windows\BackUp
c:\windows\btgrab.dll
c:\windows\dlmax.dll
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\patch.exe
c:\windows\pynix.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\alxres.dll
c:\windows\system32\dailytoolbar.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\jao.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\questmod.dll
c:\windows\system32\runsrv32.dll
c:\windows\system32\runsrv32.exe
c:\windows\system32\shellgui32.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\spool\prtprocs\w32x86\000053e0.tmp
c:\windows\system32\svcp.csv
c:\windows\system32\tcpservice2.exe
c:\windows\system32\txfdb32.dll
c:\windows\system32\udpmod.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winsrv32.exe
c:\windows\system32\winsub.xml
c:\windows\system32\wpcap.dll
c:\windows\system32\zlbw.dll
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_WKSPATCH
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-04-29 16:16 . 2010-04-29 16:18 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-29 16:05 . 2009-07-16 20:33 157696 ----a-w- c:\documents and settings\Jane\JavaRa.exe
2010-04-28 16:57 . 2010-04-28 16:57 -------- d-----w- c:\program files\Common Files\Java
2010-04-28 16:55 . 2010-04-28 16:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 21:34 . 2010-04-23 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 16:07 . 2004-04-16 23:03 -------- d-----w- c:\program files\Eudora
2010-05-10 03:56 . 2009-02-24 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-29 16:11 . 2005-05-10 19:10 -------- d-----w- c:\program files\Java
2010-04-24 02:05 . 2004-05-13 22:46 -------- d-----w- c:\program files\XviD
2010-04-24 02:04 . 2001-08-16 22:27 -------- d-----w- c:\program files\xchat
2010-04-14 22:09 . 2005-03-11 16:06 -------- d-----w- c:\program files\Google
2010-03-29 20:16 . 2010-03-29 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-03-29 20:16 . 2010-03-29 20:16 -------- d-----w- c:\program files\SoulseekNS
2010-03-20 17:36 . 2010-03-20 17:33 -------- d-----w- c:\program files\Diskeeper Corporation
2010-03-20 03:45 . 2010-03-20 03:45 -------- d-----w- c:\program files\CCleaner
2010-03-14 19:55 . 2010-03-14 17:51 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-03-14 16:41 . 2010-03-14 16:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5DC53E13-E865-430F-97A7-98ACA32FC3D8}
2010-03-14 16:32 . 2010-03-14 16:32 -------- d-----w- c:\program files\AnVir Task Manager
2010-03-14 16:18 . 2010-03-14 16:18 -------- d-----w- c:\program files\Software Informer
2010-02-24 17:16 . 2009-10-02 15:51 181632 ------w- c:\windows\system32\MpSigStub.exe
2002-03-20 00:30 . 2002-03-20 00:30 5528 ----a-w- c:\program files\PowerToyReadme.htm
2002-03-20 00:30 . 2002-03-20 00:30 21504 ----a-w- c:\program files\phototoys.dll
2001-07-22 02:45 . 2001-07-22 02:45 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2001-08-18 05:36 50688 --sh--w- c:\windows\twain_32.dll
2004-10-20 21:52 . 2004-10-20 21:52 56 --sh--r- c:\windows\SYSTEM32\FBC452024D.sys
2004-10-20 21:52 . 2004-10-20 21:52 1890 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2008-04-14 00:11 . 2001-08-18 05:36 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 . 2001-08-18 05:36 11776 --sh--w- c:\windows\SYSTEM32\regsvr32.exe
.

------- Sigcheck -------

[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\dllcache\atapi.sys
[-] 2008-04-14 01:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\SYSTEM32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\RANDOM JUNK\\Graffiti Studio\\Graffiti Studio.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\ccapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 d346bus;d346bus;c:\windows\SYSTEM32\drivers\d346bus.sys [5/20/2003 2:51 PM 156800]
R0 d346prt;d346prt;c:\windows\SYSTEM32\drivers\d346prt.sys [5/20/2003 2:51 PM 5248]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\drivers\aswSP.sys [4/3/2008 10:10 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\drivers\aswFsBlk.sys [4/3/2008 10:10 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\RaInfo.sys --> c:\program files\LogMeIn\RaInfo.sys [?]
S3 gupdate1c9962eeeed6b6e;Google Update Service (gupdate1c9962eeeed6b6e);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2009 8:21 PM 133104]
S3 iAimFP8;iAimFP8;c:\windows\SYSTEM32\drivers\wADV11NT.sys [9/15/2003 2:54 PM 11935]
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 20:51]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 03:20]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 03:20]

2010-05-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2004-04-16 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 00:12]

2010-05-10 c:\windows\Tasks\User_Feed_Synchronization-{18441E2E-5357-45DD-B4A8-11F84F05DECD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost
Trusted Zone: coastcapitalsavings.com\www
Trusted Zone: manchestereveningnews.co.uk\www
Trusted Zone: skincell.org\www
Trusted Zone: topproduceronline.com\www
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\8mop5cj9.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Jane\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
AddRemove-My Photo Center - c:\program files\ArcSoft\My Photo Center\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-10 10:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8318C2D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf887df28
\Driver\ACPI -> ACPI.sys @ 0xf87c9cb8
\Driver\atapi -> 0x8318c2d0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
NDIS: SMC EZ Card 10/100 PCI (SMC1211TX) -> SendCompleteHandler -> NDIS.sys @ 0xf8676bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8682a21
SendHandler -> NDIS.sys @ 0xf8676d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-05-10 10:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 17:58

Pre-Run: 8,439,681,024 bytes free
Post-Run: 8,778,293,248 bytes free

- - End Of File - - AA304C58DB0790C8D8EE2968D3E4FB2F

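The Sigcheck section of the ComboFix log above records one line per copy of atapi.sys: the dllcache and ServicePackFiles copies hash identically, while the live copy under drivers\ could not be opened at all. As an added example (not the thread's or ComboFix's own code), the following Python parses that section and, for each file name, reports copies that could not be hashed and copies that carry the same version string but different hashes. The line format is inferred from the four lines posted above; the sample embeds those four lines plus a constructed pair for a hypothetical sample.sys (invented version and hashes) to exercise the same-version/different-hash case.

```python
import re
from collections import defaultdict

# Sample input: the four real atapi.sys Sigcheck lines from the ComboFix log
# above, plus a constructed pair for a hypothetical sample.sys (invented
# version and hashes) whose two copies share a version but differ in bytes.
SAMPLE_SIGCHECK = r"""
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\dllcache\atapi.sys
[-] 2008-04-14 01:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\SYSTEM32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 1000 . . [1.0.0.1] . . c:\windows\SYSTEM32\dllcache\sample.sys
[7] 2008-04-14 . FEDCBA9876543210FEDCBA9876543210 . 1000 . . [1.0.0.1] . . c:\windows\SYSTEM32\drivers\sample.sys
"""

# Field layout assumed from the posted lines:
#   [flag] date[ time] . hash-or-error . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\d{4}-\d\d-\d\d(?: \d\d:\d\d)?) \. "
    r"(?P<hash>.+?) \. (?P<size>\d+) \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+)$"
)
UNREADABLE = "!HASH: COULD NOT OPEN FILE !!!!!"


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["readable"] = row["hash"] != UNREADABLE
            rows.append(row)
    return rows


def assess_file_copies(rows):
    """Group copies by file name (case-insensitive) and report per name:
       unreadable: copies Sigcheck could not open. A driver that cannot be
                   read while its cached copies hash cleanly is the first
                   thing to check on a box suspected of a rootkit.
       conflicts:  version string -> differing hashes seen for that version,
                   i.e. files claiming the same version with different bytes."""
    by_name = defaultdict(list)
    for r in rows:
        by_name[r["path"].rsplit("\\", 1)[-1].lower()].append(r)
    report = {}
    for name, copies in by_name.items():
        unreadable = [c["path"] for c in copies if not c["readable"]]
        per_version = defaultdict(set)
        for c in copies:
            if c["readable"]:
                per_version[c["ver"]].add(c["hash"])
        conflicts = {v: sorted(h) for v, h in per_version.items() if len(h) > 1}
        report[name] = {"copies": len(copies), "unreadable": unreadable, "conflicts": conflicts}
    return report


def flagged_names(report):
    """Names with at least one anomaly, sorted for stable output."""
    return sorted(n for n, r in report.items() if r["unreadable"] or r["conflicts"])


if __name__ == "__main__":
    report = assess_file_copies(parse_sigcheck(SAMPLE_SIGCHECK))
    for name in flagged_names(report):
        print(name, report[name])
```

Run stand-alone it lists atapi.sys (one unreadable copy) and sample.sys (one version with two hashes). The grouping deliberately keys on file name only, because the whole point of comparing dllcache, ServicePackFiles and the live drivers\ copy is that they are supposed to be the same bytes.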

Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 10th May 2010, 9:48 pm

Hello.


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 11th May 2010, 2:17 am

Hi, I seem to have trouble with zipped files and extraction. At work they were just a file folder with a zipper, and a right click unzipped them. At home they are a stack of books. I am not sure how to do that properly.

I understand the rest. I've automatic updates running. IE 8, plus 4 XP updates I believe it was.

Doing my best and many thanks.........


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 11th May 2010, 2:26 am

PS when I right click on the stack of books, there is nothing that says extract.


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 11th May 2010, 7:49 pm

Do you have WinRAR installed? By the sounds of it you don't, and only have WinZip.

Download and install [You must be registered and logged in to see this link.]



Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 12th May 2010, 2:15 am

My son says we have Winrar and he knows how to extract, so I'll try to get his cooperation.

Meanwhile, you are certainly helping. Today Windows Defender found Trojan Downloader:Win, and it's removed it. As well, my automatic updates have been coming quickly, another 3 tonight, after a long absence. The Trojan downloader was in C:\documentsandsettings\Jane\Desktop\setup.exe

Something done so far is working, so thank you. I've yet to do the last instruction. I need everything closed except my account. Hard to accomplish with more than one account.

Thank you soooo far, so good. :smile2:


Last edited by Gemini on 12th May 2010, 2:55 am; edited 1 time in total (Reason for editing : site of trojan + winrar)


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 12th May 2010, 10:32 pm

Hello.
Standing by for TDSSKiller log.



Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 15th May 2010, 2:17 am

[You must be registered and logged in to see this link.] wrote: Hello.
Standing by for TDSSKiller log.

Here it is, and many thanks :smile2:
14:13:53:734 0132 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
14:13:53:734 0132 ================================================================================
14:13:53:734 0132 SystemInfo:

14:13:53:734 0132 OS Version: 5.1.2600 ServicePack: 3.0
14:13:53:734 0132 Product type: Workstation
14:13:53:734 0132 ComputerName: YOUR-ZE8CXVR8TT
14:13:53:734 0132 UserName: Jane
14:13:53:734 0132 Windows directory: C:\WINDOWS
14:13:53:734 0132 Processor architecture: Intel x86
14:13:53:734 0132 Number of processors: 1
14:13:53:734 0132 Page size: 0x1000
14:13:53:750 0132 Boot type: Normal boot
14:13:53:750 0132 ================================================================================
14:13:54:062 0132 UnloadDriverW: NtUnloadDriver error 2
14:13:54:062 0132 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:13:55:093 0132 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:13:55:093 0132 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:13:55:093 0132 wfopen_ex: Trying to KLMD file open
14:13:55:093 0132 wfopen_ex: File opened ok (Flags 2)
14:13:55:093 0132 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:13:55:109 0132 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:13:55:109 0132 wfopen_ex: Trying to KLMD file open
14:13:55:109 0132 wfopen_ex: File opened ok (Flags 2)
14:13:55:109 0132 Initialize success
14:13:55:109 0132
14:13:55:109 0132 Scanning Services ...
14:14:05:593 0132 Raw services enum returned 376 services
14:14:05:640 0132
14:14:05:640 0132 Scanning Kernel memory ...
14:14:05:640 0132 Devices to scan: 5
14:14:05:640 0132
14:14:05:640 0132 Driver Name: Disk
14:14:05:640 0132 IRP_MJ_CREATE : F887DBB0
14:14:05:640 0132 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:14:05:640 0132 IRP_MJ_CLOSE : F887DBB0
14:14:05:640 0132 IRP_MJ_READ : F8877D1F
14:14:05:640 0132 IRP_MJ_WRITE : F8877D1F
14:14:05:640 0132 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:14:05:640 0132 IRP_MJ_SET_INFORMATION : 804FA88E
14:14:05:640 0132 IRP_MJ_QUERY_EA : 804FA88E
14:14:05:640 0132 IRP_MJ_SET_EA : 804FA88E
14:14:05:640 0132 IRP_MJ_FLUSH_BUFFERS : F88782E2
14:14:05:640 0132 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:14:05:640 0132 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:14:05:640 0132 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:14:05:640 0132 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:14:05:640 0132 IRP_MJ_DEVICE_CONTROL : F88783BB
14:14:05:640 0132 IRP_MJ_INTERNAL_DEVICE_CONTROL : F887BF28
14:14:05:640 0132 IRP_MJ_SHUTDOWN : F88782E2
14:14:05:640 0132 IRP_MJ_LOCK_CONTROL : 804FA88E
14:14:05:640 0132 IRP_MJ_CLEANUP : 804FA88E
14:14:05:640 0132 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:14:05:640 0132 IRP_MJ_QUERY_SECURITY : 804FA88E
14:14:05:640 0132 IRP_MJ_SET_SECURITY : 804FA88E
14:14:05:640 0132 IRP_MJ_POWER : F8879C82
14:14:05:640 0132 IRP_MJ_SYSTEM_CONTROL : F887E99E
14:14:05:640 0132 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:14:05:640 0132 IRP_MJ_QUERY_QUOTA : 804FA88E
14:14:05:640 0132 IRP_MJ_SET_QUOTA : 804FA88E
14:14:05:765 0132 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:14:05:781 0132
14:14:05:781 0132 Driver Name: Disk
14:14:05:781 0132 IRP_MJ_CREATE : F887DBB0
14:14:05:781 0132 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:14:05:781 0132 IRP_MJ_CLOSE : F887DBB0
14:14:05:781 0132 IRP_MJ_READ : F8877D1F
14:14:05:781 0132 IRP_MJ_WRITE : F8877D1F
14:14:05:781 0132 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:14:05:781 0132 IRP_MJ_SET_INFORMATION : 804FA88E
14:14:05:781 0132 IRP_MJ_QUERY_EA : 804FA88E
14:14:05:781 0132 IRP_MJ_SET_EA : 804FA88E
14:14:05:781 0132 IRP_MJ_FLUSH_BUFFERS : F88782E2
14:14:05:781 0132 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:14:05:781 0132 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:14:05:781 0132 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:14:05:781 0132 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:14:05:781 0132 IRP_MJ_DEVICE_CONTROL : F88783BB
14:14:05:781 0132 IRP_MJ_INTERNAL_DEVICE_CONTROL : F887BF28
14:14:05:781 0132 IRP_MJ_SHUTDOWN : F88782E2
14:14:05:781 0132 IRP_MJ_LOCK_CONTROL : 804FA88E
14:14:05:781 0132 IRP_MJ_CLEANUP : 804FA88E
14:14:05:781 0132 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:14:05:781 0132 IRP_MJ_QUERY_SECURITY : 804FA88E
14:14:05:781 0132 IRP_MJ_SET_SECURITY : 804FA88E
14:14:05:781 0132 IRP_MJ_POWER : F8879C82
14:14:05:781 0132 IRP_MJ_SYSTEM_CONTROL : F887E99E
14:14:05:781 0132 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:14:05:781 0132 IRP_MJ_QUERY_QUOTA : 804FA88E
14:14:05:781 0132 IRP_MJ_SET_QUOTA : 804FA88E
14:14:05:843 0132 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:14:05:843 0132
14:14:05:843 0132 Driver Name: Disk
14:14:05:843 0132 IRP_MJ_CREATE : F887DBB0
14:14:05:843 0132 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:14:05:843 0132 IRP_MJ_CLOSE : F887DBB0
14:14:05:843 0132 IRP_MJ_READ : F8877D1F
14:14:05:843 0132 IRP_MJ_WRITE : F8877D1F
14:14:05:843 0132 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:14:05:843 0132 IRP_MJ_SET_INFORMATION : 804FA88E
14:14:05:843 0132 IRP_MJ_QUERY_EA : 804FA88E
14:14:05:843 0132 IRP_MJ_SET_EA : 804FA88E
14:14:05:843 0132 IRP_MJ_FLUSH_BUFFERS : F88782E2
14:14:05:843 0132 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:14:05:843 0132 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:14:05:843 0132 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:14:05:843 0132 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:14:05:843 0132 IRP_MJ_DEVICE_CONTROL : F88783BB
14:14:05:843 0132 IRP_MJ_INTERNAL_DEVICE_CONTROL : F887BF28
14:14:05:843 0132 IRP_MJ_SHUTDOWN : F88782E2
14:14:05:843 0132 IRP_MJ_LOCK_CONTROL : 804FA88E
14:14:05:843 0132 IRP_MJ_CLEANUP : 804FA88E
14:14:05:843 0132 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:14:05:843 0132 IRP_MJ_QUERY_SECURITY : 804FA88E
14:14:05:843 0132 IRP_MJ_SET_SECURITY : 804FA88E
14:14:05:843 0132 IRP_MJ_POWER : F8879C82
14:14:05:843 0132 IRP_MJ_SYSTEM_CONTROL : F887E99E
14:14:05:843 0132 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:14:05:843 0132 IRP_MJ_QUERY_QUOTA : 804FA88E
14:14:05:843 0132 IRP_MJ_SET_QUOTA : 804FA88E
14:14:05:937 0132 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:14:05:937 0132
14:14:05:937 0132 Driver Name: atapi
14:14:05:937 0132 IRP_MJ_CREATE : 83235A00
14:14:05:937 0132 IRP_MJ_CREATE_NAMED_PIPE : 83235A00
14:14:05:937 0132 IRP_MJ_CLOSE : 83235A00
14:14:05:937 0132 IRP_MJ_READ : 83235A00
14:14:05:937 0132 IRP_MJ_WRITE : 83235A00
14:14:05:937 0132 IRP_MJ_QUERY_INFORMATION : 83235A00
14:14:05:937 0132 IRP_MJ_SET_INFORMATION : 83235A00
14:14:05:937 0132 IRP_MJ_QUERY_EA : 83235A00
14:14:05:937 0132 IRP_MJ_SET_EA : 83235A00
14:14:05:937 0132 IRP_MJ_FLUSH_BUFFERS : 83235A00
14:14:05:937 0132 IRP_MJ_QUERY_VOLUME_INFORMATION : 83235A00
14:14:05:937 0132 IRP_MJ_SET_VOLUME_INFORMATION : 83235A00
14:14:05:937 0132 IRP_MJ_DIRECTORY_CONTROL : 83235A00
14:14:05:937 0132 IRP_MJ_FILE_SYSTEM_CONTROL : 83235A00
14:14:05:937 0132 IRP_MJ_DEVICE_CONTROL : 83235A00
14:14:05:937 0132 IRP_MJ_INTERNAL_DEVICE_CONTROL : 83235A00
14:14:05:953 0132 IRP_MJ_SHUTDOWN : 83235A00
14:14:05:953 0132 IRP_MJ_LOCK_CONTROL : 83235A00
14:14:05:953 0132 IRP_MJ_CLEANUP : 83235A00
14:14:05:953 0132 IRP_MJ_CREATE_MAILSLOT : 83235A00
14:14:05:953 0132 IRP_MJ_QUERY_SECURITY : 83235A00
14:14:05:953 0132 IRP_MJ_SET_SECURITY : 83235A00
14:14:05:953 0132 IRP_MJ_POWER : 83235A00
14:14:05:953 0132 IRP_MJ_SYSTEM_CONTROL : 83235A00
14:14:05:953 0132 IRP_MJ_DEVICE_CHANGE : 83235A00
14:14:05:953 0132 IRP_MJ_QUERY_QUOTA : 83235A00
14:14:05:953 0132 IRP_MJ_SET_QUOTA : 83235A00
14:14:06:093 0132 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:14:06:093 0132
14:14:06:093 0132 Driver Name: atapi
14:14:06:093 0132 IRP_MJ_CREATE : 83235A00
14:14:06:093 0132 IRP_MJ_CREATE_NAMED_PIPE : 83235A00
14:14:06:093 0132 IRP_MJ_CLOSE : 83235A00
14:14:06:093 0132 IRP_MJ_READ : 83235A00
14:14:06:093 0132 IRP_MJ_WRITE : 83235A00
14:14:06:093 0132 IRP_MJ_QUERY_INFORMATION : 83235A00
14:14:06:093 0132 IRP_MJ_SET_INFORMATION : 83235A00
14:14:06:093 0132 IRP_MJ_QUERY_EA : 83235A00
14:14:06:093 0132 IRP_MJ_SET_EA : 83235A00
14:14:06:093 0132 IRP_MJ_FLUSH_BUFFERS : 83235A00
14:14:06:093 0132 IRP_MJ_QUERY_VOLUME_INFORMATION : 83235A00
14:14:06:109 0132 IRP_MJ_SET_VOLUME_INFORMATION : 83235A00
14:14:06:109 0132 IRP_MJ_DIRECTORY_CONTROL : 83235A00
14:14:06:109 0132 IRP_MJ_FILE_SYSTEM_CONTROL : 83235A00
14:14:06:109 0132 IRP_MJ_DEVICE_CONTROL : 83235A00
14:14:06:109 0132 IRP_MJ_INTERNAL_DEVICE_CONTROL : 83235A00
14:14:06:109 0132 IRP_MJ_SHUTDOWN : 83235A00
14:14:06:109 0132 IRP_MJ_LOCK_CONTROL : 83235A00
14:14:06:109 0132 IRP_MJ_CLEANUP : 83235A00
14:14:06:109 0132 IRP_MJ_CREATE_MAILSLOT : 83235A00
14:14:06:109 0132 IRP_MJ_QUERY_SECURITY : 83235A00
14:14:06:109 0132 IRP_MJ_SET_SECURITY : 83235A00
14:14:06:109 0132 IRP_MJ_POWER : 83235A00
14:14:06:109 0132 IRP_MJ_SYSTEM_CONTROL : 83235A00
14:14:06:109 0132 IRP_MJ_DEVICE_CHANGE : 83235A00
14:14:06:109 0132 IRP_MJ_QUERY_QUOTA : 83235A00
14:14:06:109 0132 IRP_MJ_SET_QUOTA : 83235A00
14:14:06:156 0132 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:14:06:156 0132
14:14:06:156 0132 Completed
14:14:06:156 0132
14:14:06:171 0132 Results:
14:14:06:171 0132 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:14:06:171 0132 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:14:06:171 0132 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:14:06:171 0132
14:14:06:171 0132 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:14:06:171 0132 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:14:06:281 0132 KLMD(ARK) unloaded successfully

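The TDSSKiller log above prints each scanned driver's IRP dispatch table. For disk.sys the entries vary: the majors the driver handles point to distinct routines, and the ones it does not handle all share one kernel stub address (804FA88E). For atapi every one of the 28 entries points to the same address, 83235A00, which matches the earlier ComboFix finding "\Driver\atapi -> 0x8318c2d0". As an added example (not the thread's or TDSSKiller's own code), the following Python parses those tables and applies two triage heuristics that are this example's own assumptions, not TDSSKiller's verdict logic: a table whose entries are all identical, and a table that never references the stub address the other drivers share. The sample is a constructed excerpt modelled on the posted log (one Disk table, one atapi table, seven entries each).

```python
import re
from collections import Counter

# Constructed excerpt modelled on the TDSSKiller 2.2.8.1 log posted above:
# a disk.sys table whose entries vary, and an atapi table whose every
# IRP_MJ_* entry resolves to the same address.
SAMPLE_LOG = r"""14:14:05:640 0132 Driver Name: Disk
14:14:05:640 0132 IRP_MJ_CREATE : F887DBB0
14:14:05:640 0132 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:14:05:640 0132 IRP_MJ_CLOSE : F887DBB0
14:14:05:640 0132 IRP_MJ_READ : F8877D1F
14:14:05:640 0132 IRP_MJ_WRITE : F8877D1F
14:14:05:640 0132 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:14:05:640 0132 IRP_MJ_SET_INFORMATION : 804FA88E
14:14:05:765 0132 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:14:05:781 0132
14:14:05:937 0132 Driver Name: atapi
14:14:05:937 0132 IRP_MJ_CREATE : 83235A00
14:14:05:937 0132 IRP_MJ_CREATE_NAMED_PIPE : 83235A00
14:14:05:937 0132 IRP_MJ_CLOSE : 83235A00
14:14:05:937 0132 IRP_MJ_READ : 83235A00
14:14:05:937 0132 IRP_MJ_WRITE : 83235A00
14:14:05:937 0132 IRP_MJ_QUERY_INFORMATION : 83235A00
14:14:05:937 0132 IRP_MJ_SET_INFORMATION : 83235A00
14:14:06:093 0132 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

HEADER_RE = re.compile(r"Driver Name: (\S+)\s*$")
ENTRY_RE = re.compile(r"(IRP_MJ_[A-Z_]+) : ([0-9A-Fa-f]+)\s*$")
VERDICT_RE = re.compile(r"(\S+\.sys) - Verdict: (\d+)\s*$", re.IGNORECASE)


def parse_dispatch_tables(log_text):
    """Return one {'driver', 'path', 'verdict', 'handlers'} dict per
    'Driver Name:' block; handlers maps IRP_MJ_* name -> address (int)."""
    tables, current = [], None
    for line in log_text.splitlines():
        # every TDSSKiller line starts with 'HH:MM:SS:mmm PID '; drop it
        parts = line.split(" ", 2)
        body = parts[2] if len(parts) == 3 else ""
        m = HEADER_RE.search(body)
        if m:
            current = {"driver": m.group(1), "path": None, "verdict": None, "handlers": {}}
            tables.append(current)
            continue
        if current is None:
            continue
        m = ENTRY_RE.search(body)
        if m:
            current["handlers"][m.group(1)] = int(m.group(2), 16)
            continue
        m = VERDICT_RE.search(body)
        if m:
            current["path"], current["verdict"] = m.group(1), int(m.group(2))
            current = None  # the verdict line closes the block
    return tables


def find_suspicious_tables(tables, min_entries=5):
    """Heuristics (this example's assumptions, not TDSSKiller's logic):
       1. every IRP_MJ_* entry points to one identical address; a genuine
          driver routes unsupported majors to a kernel stub and supported
          ones to its own routines, so at least two addresses appear;
       2. the table never uses the stub address other drivers share."""
    uniform = {id(t) for t in tables if len(set(t["handlers"].values())) == 1}
    by_tables, by_entries = Counter(), Counter()
    for t in tables:
        if id(t) in uniform:
            continue  # a uniform table must not vote for the baseline
        for addr in set(t["handlers"].values()):
            by_tables[addr] += 1
        by_entries.update(t["handlers"].values())
    # the stub is the address seen in the most tables, then in the most entries
    shared_stub = max(by_tables, key=lambda a: (by_tables[a], by_entries[a]), default=None)

    findings = []
    for t in tables:
        addrs = list(t["handlers"].values())
        if len(addrs) < min_entries:
            continue
        reasons = []
        if id(t) in uniform:
            reasons.append("all %d IRP_MJ entries point to %08X" % (len(addrs), addrs[0]))
        if shared_stub is not None and shared_stub not in addrs:
            reasons.append("no entry uses the shared kernel stub %08X" % shared_stub)
        if reasons:
            findings.append((t["driver"], t["path"], reasons))
    return findings


if __name__ == "__main__":
    for driver, path, reasons in find_suspicious_tables(parse_dispatch_tables(SAMPLE_LOG)):
        print("%s (%s): %s" % (driver, path, "; ".join(reasons)))
```

Run stand-alone it reports only atapi, for both reasons. Neither check resolves addresses to module ranges (the log does not carry them), so this is triage to decide which driver deserves a closer look, which is exactly why the next step in the thread is a full GMER scan.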

Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 15th May 2010, 10:31 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 16th May 2010, 7:19 pm

[You must be registered and logged in to see this link.] wrote: Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.

Hi, I downloaded it and it didn't need unzipping or extraction. When I clicked on it a box came up asking if I wanted to run it, and I clicked run. Another box comes up and immediately along the bottom starts to whiz along with letters, etc. All this happens soooo fast I don't have time to click the >>>, or the "scan". It careens along for about a minute, then the whole dialogue box disappears. I did rename it but it doesn't help.

What am I doing wrong? I don't know how to run in safe mode. Sorry.......

On a positive note, I have my home page back again and that pop-up box has disappeared. Big Grin


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 16th May 2010, 8:02 pm

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try GMER in Safe Mode.



Re: Virus, infection Notepad results, resubmitting as requested.

Post by Gemini on 17th May 2010, 2:12 am

After my previous post (# 22), the account was changed to my son's. When I needed to switch back to mine, it wouldn't do it, and said Windows can't switch accounts, restart needed. So we did that, and I then deleted GMER from my desktop.

I'll have to reinstall tomorrow and will try again in safe mode.

Are we nearly at the end do you know? Many thanks.


Re: Virus, infection Notepad results, resubmitting as requested.

Post by Belahzur on 17th May 2010, 9:29 pm

Not too sure, depends if we can get a GMER log.

