HJT log inside - Zlob. DNS Changer - please help


  • This topic is locked
8 replies to this topic

#1 Murraym333

Murraym333

  • Members
  • 4 posts

Posted 18 April 2009 - 07:36 PM

Got this nasty thing on my PC. Malwarebytes will not open in safe mode or if I change the name of the Mbam.exe

Here's my HJT log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:16:59, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B08DA68-23B9-41E8-8CDA-7EEF1C81D52F}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF52CD88-036A-4DE7-9160-5F30199B5CF4}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B08DA68-23B9-41E8-8CDA-7EEF1C81D52F}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B08DA68-23B9-41E8-8CDA-7EEF1C81D52F}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9b70f21858c04) (gupdate1c9b70f21858c04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9126 bytes


Thanks for any help that I receive.
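The lines worth attention in the log above are the O17 entries: every TCP/IP interface key and the Parameters key in CurrentControlSet (CCS) as well as in ControlSet001 and ControlSet002 (CS1, CS2) point at the same pair of external resolvers, which is the redirection a DNS changer relies on. The following script is an added example written for this thread, not code from the original post or from BleepingComputer: it parses HijackThis O17 lines, flags resolvers that are not on an expected list, marks those that fall in a blocklisted range, and reports which control sets each rogue server persists in. The sample input reuses four O17 lines from the posted log; the LAN resolver 192.168.1.1, the 10.10.10.10 entry, the GUID placeholders and the 85.255.112.0/24 block around the logged addresses are constructed assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis O17 line: registry key on the left, comma-separated resolvers on the right.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d., ]+)$")
# Which control set the key lives in: CCS (CurrentControlSet) or CSn (ControlSet00n).
CONTROLSET_RE = re.compile(r"HKLM\\System\\(CCS|CS\d+)\\", re.IGNORECASE)

# Constructed sample: four O17 lines copied from the log in this thread, one unrelated
# R1 line (ignored by the parser), plus two constructed interface entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B08DA68-23B9-41E8-8CDA-7EEF1C81D52F}: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.207,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-LAN-IFACE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-IFACE-2}: NameServer = 10.10.10.10
"""

# Assumptions for this example: the only legitimate resolver is the LAN router, and the
# /24 around the two addresses seen in the posted log is treated as a blocklisted range.
EXPECTED_RESOLVERS = ["192.168.1.1"]
BLOCKLIST = ["85.255.112.0/24"]


def parse_nameservers(servers: str) -> list:
    """Split a NameServer value on commas/whitespace, keeping only valid IPv4 literals."""
    out = []
    for tok in re.split(r"[,\s]+", servers.strip()):
        if not tok:
            continue
        try:
            out.append(str(ipaddress.IPv4Address(tok)))
        except ipaddress.AddressValueError:
            pass  # garbage token, not a resolver
    return out


def audit_o17(log_text: str, expected: list, blocklist: list) -> list:
    """Return one finding per (key, resolver) pair that is not an expected resolver."""
    expected_set = {str(ipaddress.IPv4Address(x)) for x in expected}
    block_nets = [ipaddress.ip_network(b) for b in blocklist]
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 entry
        key = m.group("key")
        cs = CONTROLSET_RE.search(key)
        control_set = cs.group(1).upper() if cs else "?"
        for ip in parse_nameservers(m.group("servers")):
            if ip in expected_set:
                continue
            addr = ipaddress.ip_address(ip)
            reason = "blocklisted" if any(addr in n for n in block_nets) else "unexpected"
            findings.append({"control_set": control_set, "key": key,
                             "server": ip, "reason": reason})
    return findings


def summarize(findings: list) -> dict:
    """Map each rogue resolver to the sorted list of control sets it was found in."""
    by_server = defaultdict(set)
    for f in findings:
        by_server[f["server"]].add(f["control_set"])
    return {server: sorted(sets) for server, sets in by_server.items()}


if __name__ == "__main__":
    results = audit_o17(SAMPLE_LOG, EXPECTED_RESOLVERS, BLOCKLIST)
    for f in results:
        print(f"[{f['reason']:<11}] {f['control_set']:<4} {f['server']:<16} {f['key']}")
    for server, sets in summarize(results).items():
        print(f"{server} persists in control sets: {', '.join(sets)}")
```

The per-control-set summary is the part that matters when planning the clean-up: a rogue NameServer that appears in CS1 and CS2 as well as CCS, as in this log, survives a "Last Known Good Configuration" boot, because every saved control set already carries the same value, so the entries have to be corrected (or the resolver settings reset to DHCP) in each one.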


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 April 2009 - 11:51 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Murraym333

Murraym333
  • Topic Starter

  • Members
  • 4 posts

Posted 23 April 2009 - 05:29 AM

Hi Sam, thanks for the reply. Here is the Log that you requested.

OTListIt Extras logfile created on: 23/04/2009 11:23:53 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Murray\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 67.53% Memory free
3.29 Gb Paging File | 2.97 Gb Available in Paging File | 90.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 73.50 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 971.72 Mb Total Space | 660.77 Mb Free Space | 68.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTS
Current User Name: Murray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-448539723-813497703-963894560-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/02/12 14:15:43 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/04/23 12:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2006/10/27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/27 16:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2006/10/27 16:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2009/02/04 17:50:06 | 01,711,304 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2009/01/04 12:20:30 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/04/03 20:23:58 | 03,558,648 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{009AC76E-1A66-4682-82B7-417E77F3C648}" = Superior Drummer Installer
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BCD3375-BF5A-439C-8803-F5DC4AFF7C2B}" = TubeScreamer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D37FB97-944C-402E-B587-E969BFD99A10}" = ASUS TV FM CARD
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A9E9D61-E4DC-4B18-B866-38D99405706D}" = Sound Blaster Extigy
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}" = AmpliTube Metal
"{A1A08EF0-3315-4633-AE76-627E20262BF2}" = Antares kantos VST PC
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{C9722FA7-170E-42C6-876E-2D87AD93942C}" = Nomad Bundle VST
"{CA832FE2-4E56-4B4C-A56F-1AEB7B71A8A9}" = Belkin High-Speed Mode Wireless G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D70666B2-7E6B-46F0-85E2-06C30C1269C0}" = ASUS MyCinema Series
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"4oD" = 4oD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Alive HD Video Converter_is1" = Alive HD Video Converter (version 1.0.6.9)
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"Antares Microphone Modeler DX v1.32" = Antares Microphone Modeler DX v1.32
"Antares Tube VST v1.02" = Antares Tube VST v1.02
"ASIO4ALL" = ASIO4ALL
"Audio Damage 907A VST v1.0.0.7" = Audio Damage 907A VST v1.0.0.7
"Audio Damage DeVerb VST v1.0" = Audio Damage DeVerb VST v1.0
"Audio Damage DubStation VST v1.0.2.0" = Audio Damage DubStation VST v1.0.2.0
"Audio.Damage.Ronin.v1.0.VST-DAC" = Audio.Damage.Ronin.v1.0.VST-DAC
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.12
"BBE D82 Sonic Maximizer VST RTAS_is1" = BBE D82 Sonic Maximizer VST RTAS v2.0
"BigSeq VST plug-in" = BigSeq VST plug-in
"BlueCat Audio All Plugins Pack VST v1.0" = BlueCat Audio All Plugins Pack VST v1.0
"Brainworx BX Digital VST_is1" = Brainworx BX Digital VST v1.09
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Discord 2 VST plug-in" = Discord 2 VST plug-in
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FriendBlasterPro_is1" = FriendBlasterPro
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"iDump" = iDump (Build: 28)
"IL Download Manager" = IL Download Manager
"InstallShield_{2D37FB97-944C-402E-B587-E969BFD99A10}" = ASUS TV FM CARD
"IrfanView" = IrfanView (remove only)
"iZotope Ozone 4_is1" = iZotope Ozone 4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Lexicon PSP 42 VST DX v1.0" = Lexicon PSP 42 VST DX v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"NavNet_is1" = NavNet
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NomadFactory Analog Mastering Tools VST RTAS_is1" = NomadFactory Analog Mastering Tools VST RTAS v1.0
"NomadFactory Blue Tubes Analog TrackBox VST RTAS_is1" = NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3
"NomadFactory Blue Tubes Dynamics Pack VST RTAS_is1" = NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2
"NomadFactory Blue Tubes Effects Pack VST RTAS_is1" = NomadFactory Blue Tubes Effects Pack VST RTAS v3.2
"NomadFactory Blue Tubes Equalizers Pack VST RTAS_is1" = NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2
"NomadFactory BlueVerb DRV-2080 VST RTAS_is1" = NomadFactory BlueVerb DRV-2080 VST RTAS v1.4
"NomadFactory Essential Studio Suite VST RTAS_is1" = NomadFactory Essential Studio Suite VST RTAS v1.5
"NomadFactory Limiting Amplifier LM-662 VST RTAS_is1" = NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3
"NomadFactory Liquid Bundle VST RTAS_is1" = NomadFactory Liquid Bundle VST RTAS v2.4
"NomadFactory Program Equalizer EQP-4 VST RTAS_is1" = NomadFactory Program Equalizer EQP-4 VST RTAS v1.3
"NomadFactory Retrology M-Tone EQ VST RTAS_is1" = NomadFactory Retrology M-Tone EQ VST RTAS v1.0
"NomadFactory Studio Channel SC-226 VST RTAS_is1" = NomadFactory Studio Channel SC-226 VST RTAS v1.3
"Ohmforce Hematohm PRO VST v1.22" = Ohmforce Hematohm PRO VST v1.22
"Ohmforce Mobilohm PRO VST v1.12" = Ohmforce Mobilohm PRO VST v1.12
"Ohmforce Ohmboyz PRO VST v1.42" = Ohmforce Ohmboyz PRO VST v1.42
"Ohmforce Predatohm PRO VST v1.32" = Ohmforce Predatohm PRO VST v1.32
"Ohmforce Quad Frohmage Pro VST v1.10" = Ohmforce Quad Frohmage Pro VST v1.10
"Ohmicide VST" = Ohm Force - Ohmicide VST
"Orbit_is1" = Orbit Downloader
"Overloud BREVERB VST RTAS_is1" = Overloud BREVERB VST RTAS v1.1
"PhaseTwo VST plug-in" = PhaseTwo VST plug-in
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PSP Audioware MasterQ DX VST v1.01d" = PSP Audioware MasterQ DX VST v1.01d
"PSP Audioware Xenon_is1" = PSP Audioware Xenon v1.0
"PSP sQuad 1.1.1" = PSP sQuad 1.1.1
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ" = PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ
"PSP_Nitro" = PSP Nitro 1.1.0
"Ratshack Ratverb" = Ratshack Ratverb
"Replicant VST plug-in" = Replicant VST plug-in
"Roger Nichols Digital FREQUAL-IZER VST RTAS_is1" = Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2
"S3" = UniChrome Series Driver and Utilities
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 3.00
"Sonic Charge Synplant_is1" = Sonic Charge Synplant 1.0
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Inflator PowerCore VST_is1" = Sonnox Oxford Inflator PowerCore VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 Dynamics PowerCore VST_is1" = Sonnox Oxford R3 Dynamics PowerCore VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford R3 EQ PowerCore VST_is1" = Sonnox Oxford R3 EQ PowerCore VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"Sonnox Oxford TransMod PowerCore VST_is1" = Sonnox Oxford TransMod PowerCore VST v1.3.1
"Steinberg Nuendo v3.2.0.1128" = Steinberg Nuendo v3.2.0.1128
"Stillwell Audio Plugins Bundle VST v1.52" = Stillwell Audio Plugins Bundle VST v1.52
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Tone2 FilterBank3_is1" = FilterBank v3.2
"Toxic Biohazard" = Toxic Biohazard
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Voxengo Pristine Space VST" = Voxengo Pristine Space VST 1.8
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Waves API Collection" = Waves API Collection
"Waves Mercury Bundle" = Waves Mercury Bundle
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-813497703-963894560-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2009 03:05:47 | Computer Name = MATTS | Source = Application Error | ID = 1000
Description = Faulting application application launcher.exe, version 2.2.12.63,
faulting module mfc71u.dll, version 7.10.3077.0, fault address 0x0002c9a5.

Error - 12/03/2009 08:17:30 | Computer Name = MATTS | Source = Application Error | ID = 1000
Description = Faulting application application launcher.exe, version 2.2.12.63,
faulting module mfc71u.dll, version 7.10.3077.0, fault address 0x0002c9a5.

Error - 19/03/2009 08:59:22 | Computer Name = MATTS | Source = Application Error | ID = 1000
Description = Faulting application khost.exe, version 5.11.704.230, faulting module
unknown, version 0.0.0.0, fault address 0x0017df50.

Error - 19/03/2009 12:09:45 | Computer Name = MATTS | Source = Application Error | ID = 1000
Description = Faulting application ml20gui.exe, version 0.0.0.0, faulting module
lm20.dll, version 0.0.0.0, fault address 0x0000105e.

Error - 21/03/2009 08:06:39 | Computer Name = MATTS | Source = NavNet.exe | ID = 0
Description =

Error - 21/03/2009 08:20:57 | Computer Name = MATTS | Source = NavNet.exe | ID = 0
Description =

Error - 21/03/2009 08:56:12 | Computer Name = MATTS | Source = NavNet.exe | ID = 0
Description =

Error - 21/03/2009 09:03:40 | Computer Name = MATTS | Source = NavNet.exe | ID = 0
Description =

Error - 21/03/2009 17:58:57 | Computer Name = MATTS | Source = Application Error | ID = 1000
Description = Faulting application wlcomm.exe, version 14.0.8064.206, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Error - 21/03/2009 18:40:32 | Computer Name = MATTS | Source = MsiInstaller | ID = 1013
Description = Product: ASUS TV FM CARD -- 1: This installation cannot be run by
directly launching the MSI package. You must run setup.exe.

[ System Events ]
Error - 18/04/2009 20:06:45 | Computer Name = MATTS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 18/04/2009 20:07:29 | Computer Name = MATTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 18/04/2009 20:07:34 | Computer Name = MATTS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/04/2009 08:03:11 | Computer Name = MATTS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
uagp35

Error - 19/04/2009 08:48:14 | Computer Name = MATTS | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 21/04/2009 01:54:05 | Computer Name = MATTS | Source = Service Control Manager | ID = 7034
Description = The KService service terminated unexpectedly. It has done this 1
time(s).

Error - 22/04/2009 13:12:15 | Computer Name = MATTS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
uagp35

Error - 22/04/2009 20:11:13 | Computer Name = MATTS | Source = Service Control Manager | ID = 7034
Description = The KService service terminated unexpectedly. It has done this 1
time(s).

Error - 22/04/2009 20:11:24 | Computer Name = MATTS | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/04/2009 06:19:42 | Computer Name = MATTS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:40 PM

Posted 23 April 2009 - 05:37 PM

That is the extra log. I need to see the other log and also the log from Gmer.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Murraym333

Murraym333
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:40 AM

Posted 23 April 2009 - 05:48 PM

That is the extra log. I need to see the other log


That is the only log from OTListIt2 that appears.

Here is the GMER report

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-23 23:48:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT spqc.sys ZwCreateKey [0xF74D70E0]
SSDT spqc.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spqc.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spqc.sys ZwOpenKey [0xF74D70C0]
SSDT spqc.sys ZwQueryKey [0xF74F6108]
SSDT spqc.sys ZwQueryValueKey [0xF74F5F88]
SSDT spqc.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 898B7BF8
INT 0x73 ? 895DEBF8
INT 0x73 ? 895DEBF8
INT 0x73 ? 895DEBF8
INT 0x73 ? 895DEBF8
INT 0x73 ? 895DEBF8
INT 0x82 ? 898B7BF8

Code 893A1410 ZwFlushInstructionCache
Code 893B8C36 IofCallDriver
Code 8927E796 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 893B8C3B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 8927E79B
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 893A1414
? spqc.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA17C62C 5 Bytes JMP 895DE1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2988] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A2000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2988] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00A5000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2988] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00A3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2988] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A4000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898B92D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spqc.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spqc.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spqc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spqc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spqc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spqc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spqc.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 895DE2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spqc.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 898B61F8
Device \FileSystem\Fastfat \FatCdrom 89393468
Device \Driver\NetBT \Device\NetBT_Tcpip_{2B08DA68-23B9-41E8-8CDA-7EEF1C81D52F} 892591F8
Device \Driver\usbuhci \Device\USBPDO-0 8968E500
Device \Driver\usbuhci \Device\USBPDO-1 8968E500
Device \Driver\usbuhci \Device\USBPDO-2 8968E500
Device \Driver\PCI_PNP4042 \Device\00000046 spqc.sys
Device \Driver\PCI_PNP4042 \Device\00000046 spqc.sys
Device \Driver\usbehci \Device\USBPDO-3 8967F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8984C1F8
Device \Driver\atapi \Device\Ide\IdePort0 898B71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 898B71F8
Device \Driver\atapi \Device\Ide\IdePort1 898B71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 898B71F8
Device \Driver\usbstor \Device\00000066 8923E1F8
Device \Driver\usbstor \Device\00000069 8923E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 892591F8
Device \Driver\NetBT \Device\NetbiosSmb 892591F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{BF52CD88-036A-4DE7-9160-5F30199B5CF4} 892591F8
Device \Driver\usbstor \Device\0000006a 8923E1F8
Device \Driver\usbstor \Device\0000006b 8923E1F8
Device \Driver\usbuhci \Device\USBFDO-0 8968E500
Device \Driver\usbstor \Device\0000006c 8923E1F8
Device \Driver\usbuhci \Device\USBFDO-1 8968E500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89354500
Device \Driver\usbuhci \Device\USBFDO-2 8968E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89354500
Device \Driver\usbehci \Device\USBFDO-3 8967F1F8
Device \Driver\Ftdisk \Device\FtControl 8984C1F8
Device \Driver\sptd \Device\1246282792 spqc.sys
Device \Driver\aon64y1l \Device\Scsi\aon64y1l1Port2Path0Target1Lun0 8950C500
Device \Driver\aon64y1l \Device\Scsi\aon64y1l1Port2Path0Target0Lun0 8950C500
Device \Driver\aon64y1l \Device\Scsi\aon64y1l1 8950C500
Device \FileSystem\Fastfat \Fat 89393468
Device \FileSystem\Cdfs \Cdfs 89484500
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxchyktloxmbobobftrfaknsmqpxucvvmkv.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [2988] 0x10000000

---- EOF - GMER 1.0.15 ----

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:40 PM

Posted 23 April 2009 - 05:54 PM

Please run it again and post the log that is created.


========================================================

#7 Murraym333

Murraym333
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:40 AM

Posted 24 April 2009 - 04:18 AM

OTListIt logfile created on: 24/04/2009 10:15:35 - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Murray\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 60.94% Memory free
3.29 Gb Paging File | 2.86 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 72.16 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 971.72 Mb Total Space | 660.77 Mb Free Space | 68.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTS
Current User Name: Murray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2004/03/29 17:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Belkin\F5D7051\WLService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/06/13 16:45:54 | 00,827,392 | ---- | M] () -- C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
PRC - [2009/03/22 01:09:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/23 12:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/04/07 00:26:32 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/04 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/03/22 01:09:22 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/02/26 17:53:30 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/03/26 15:07:12 | 00,049,152 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006/10/27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/02/12 20:16:00 | 00,065,536 | ---- | M] (ASUSTeK) -- C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
PRC - [2007/12/11 05:59:40 | 00,307,200 | ---- | M] (Team H2O) -- C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/02/12 14:15:43 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/03/16 04:23:20 | 00,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/07/11 16:57:42 | 00,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/04/23 11:21:17 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 19:50:50 | 00,114,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2009/04/23 11:23:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/03/29 17:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Belkin\F5D7051\WLService.exe -- (Belkin High-Speed Mode Wireless G USB Network Adapter Service [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/02/02 20:09:13 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/12/01 12:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/04/07 00:26:32 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b70f21858c04 [Auto | Stopped])
SRV - [2004/08/04 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/22 01:09:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/04/23 12:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/11/06 21:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/01/26 03:42:50 | 02,831,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
DRV - [2009/02/22 14:25:55 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/02/24 12:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
DRV - [2004/02/27 01:50:38 | 00,611,820 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2004/10/14 16:19:10 | 00,751,104 | R--- | M] (ASUSTek) -- C:\WINDOWS\system32\DRIVERS\Cap713x.sys -- (Cap713x [On_Demand | Stopped])
DRV - [2005/05/09 21:08:40 | 00,033,792 | ---- | M] (Team H2O) -- C:\WINDOWS\system32\DRIVERS\cledx.sys -- (CLEDX [On_Demand | Running])
DRV - [2004/12/16 14:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2001/08/17 13:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/04 00:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/11/06 21:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/04/23 16:54:46 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115bus.sys -- (s115bus [On_Demand | Stopped])
DRV - [2007/04/23 16:54:48 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115mdfl.sys -- (s115mdfl [On_Demand | Stopped])
DRV - [2007/04/23 16:54:48 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115mdm.sys -- (s115mdm [On_Demand | Stopped])
DRV - [2007/04/23 16:54:50 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115mgmt.sys -- (s115mgmt [On_Demand | Stopped])
DRV - [2007/04/23 16:54:50 | 00,098,568 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s115obex.sys -- (s115obex [On_Demand | Stopped])
DRV - [2002/05/31 02:21:32 | 01,152,916 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\sbext.sys -- (sbext [On_Demand | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/01/23 13:52:08 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2002/10/11 18:08:30 | 00,065,632 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\tpkd.sys -- (TPkd [Boot | Running])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
DRV - [2002/12/27 05:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2004/05/05 15:28:52 | 00,142,976 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running])
DRV - [2003/09/25 23:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.7.7.1
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/22 01:09:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 11:21:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 11:21:21 | 00,000,000 | ---D | M]

[2009/01/21 22:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Extensions
[2009/01/21 22:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/23 23:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions
[2009/01/22 22:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/04/16 21:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/17 11:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/02/05 18:48:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2009/04/10 22:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions\searchrecs@veoh.com
[2009/04/05 21:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Murray\Application Data\mozilla\Firefox\Profiles\027no7e6.default\extensions\twitternotifier@naan.net
[2009/04/23 23:09:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 11:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/22 01:09:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/23 11:21:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 11:21:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor ()
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run (Creative Technology Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe (ASUSTeK)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS [2009/03/21 23:36:59 | 00,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 23:27:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/23 12:46:37 | 00,000,425 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/23 12:46:40 | 00,000,390 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-7-34-100004210-100006660-100025024-5518.com g:\
O33 - MountPoints2\{7a9a6c5a-24f7-11de-9af4-00173fae8757}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{7a9a6c5a-24f7-11de-9af4-00173fae8757}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{950e4112-1479-11de-9ace-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{950e4112-1479-11de-9ace-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{950e4112-1479-11de-9ace-806d6172696f}\Shell\Open\command - "" = D:\RECYCLER\S-2-2-12-100022915-100003365-100000642-3707.com -- File not found
O33 - MountPoints2\{9e2d0f2e-e7ee-11dd-9a88-00110974e855}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{9e2d0f2e-e7ee-11dd-9a88-00110974e855}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{e346f03e-e648-11dd-9c26-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{e346f03e-e648-11dd-9c26-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e346f03e-e648-11dd-9c26-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-7-34-100004210-100006660-100025024-5518.com c:\
O33 - MountPoints2\C\Shell - "" = Autorun
O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-8-7-26-100016707-100009341-100015856-3824.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/23 23:41:16 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\d0f5iwq3.exe
[2009/04/23 12:55:09 | 08,751,716 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\ISO1_DVD.nri
[2009/04/23 12:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Desktop\Nomad
[2009/04/23 12:46:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Desktop\Waves SSL
[2009/04/23 12:45:31 | 00,000,425 | RHS- | C] () -- C:\autorun.inf
[2009/04/23 11:43:41 | 01,077,254 | ---- | C] (NEC Corporation) -- C:\Documents and Settings\Murray\Desktop\K3500PB.exe
[2009/04/23 11:23:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Murray\Desktop\OTListIt2.exe
[2009/04/20 00:04:23 | 00,017,363 | ---- | C] () -- C:\Documents and Settings\Murray\My Documents\Bookmarks 2009-04-20.json
[2009/04/19 14:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Local Settings\Application Data\Ahead
[2009/04/19 01:47:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/19 01:16:50 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\HijackThis.lnk
[2009/04/19 01:16:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/19 01:16:40 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Murray\Desktop\HJTInstall.exe
[2009/04/19 01:03:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/19 01:03:32 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 01:03:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/19 01:03:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/19 00:44:12 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/04/19 00:34:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Murray\Desktop\mbam-setup.exe
[2009/04/18 12:53:12 | 00,001,242 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/04/18 12:52:40 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2009/04/18 12:52:40 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2009/04/18 12:52:40 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2009/04/18 12:52:40 | 00,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
[2009/04/18 12:52:40 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2009/04/18 12:52:40 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2009/04/18 12:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/04/18 12:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead
[2009/04/18 01:53:27 | 00,078,097 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\csi_ny-show.jpg
[2009/04/17 19:54:06 | 95,310,813 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\Hospital-Danny_Bryd_Supersized_Album-NHS139CD-WEB-2008.rar
[2009/04/17 19:25:11 | 00,194,044 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\hfgghf.JPG
[2009/04/17 14:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Desktop\EZ Drummer
[2009/04/17 14:28:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Desktop\Steinberg.Nuendo.3.2.0
[2009/04/13 01:15:56 | 00,115,957 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\3427237620_089df18ee8.jpg
[2009/04/12 23:43:36 | 00,833,044 | ---- | C] () -- C:\WINDOWS\Replicant VST plug-in Uninstaller.exe
[2009/04/12 23:42:51 | 00,106,471 | ---- | C] () -- C:\WINDOWS\Ratshack Ratverb Uninstaller.exe
[2009/04/12 23:41:25 | 00,833,025 | ---- | C] () -- C:\WINDOWS\PhaseTwo VST plug-in Uninstaller.exe
[2009/04/12 23:39:09 | 00,833,044 | ---- | C] () -- C:\WINDOWS\Discord 2 VST plug-in Uninstaller.exe
[2009/04/12 23:38:23 | 00,833,026 | ---- | C] () -- C:\WINDOWS\BigSeq VST plug-in Uninstaller.exe
[2009/04/12 13:55:06 | 00,010,068 | ---- | C] () -- C:\Documents and Settings\Murray\My Documents\I will not sleep.docx
[2009/04/11 22:17:31 | 00,507,175 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\Untitled-1.psd
[2009/04/10 22:14:05 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/04/07 11:22:37 | 00,016,347 | ---- | C] () -- C:\Documents and Settings\Murray\My Documents\Bookmarks 2009-04-07.json
[2009/04/07 00:27:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Application Data\Google
[2009/04/07 00:27:32 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/07 00:26:38 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/07 00:26:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Local Settings\Application Data\Google
[2009/04/07 00:24:44 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/04/04 19:22:39 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/04 19:22:18 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/04 19:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/04 19:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/04 13:42:37 | 03,314,461 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\NewSong040409.mp3
[2009/03/30 06:56:31 | 34,045,244 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\protoolswav.wav
[2009/03/29 22:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Desktop\New Folder (3)
[2009/03/27 10:52:15 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\Yuri's Revenge.lnk
[2009/03/27 10:52:15 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\Murray\Desktop\Red Alert 2.lnk
[2009/03/27 10:48:58 | 00,000,000 | ---D | C] -- C:\Program Files\Red Alert 2 Yuri's Revenge
[2009/03/26 01:39:41 | 00,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2009/03/26 01:39:41 | 00,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2009/03/26 01:39:41 | 00,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2009/03/26 01:39:35 | 00,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe
[2009/03/26 01:39:34 | 00,708,608 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SYNSOACC.dll
[2009/03/26 01:39:34 | 00,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll
[2009/03/25 15:16:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\Local Settings\Application Data\Native Instruments
[2009/03/25 15:15:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Murray\My Documents\Native Instruments
[2009/03/25 15:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2009/03/21 23:35:52 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/03/21 23:35:13 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/02/22 14:25:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D7051.dll
[2009/02/22 14:25:45 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/02/11 11:53:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/11 11:52:56 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/11 11:52:56 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/11 11:52:46 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/11 11:52:46 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/28 23:33:32 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\gceemjsq.dll
[2009/01/23 13:52:08 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/23 13:09:58 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\ssolemn.dll
[2009/01/23 13:09:58 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\solejttd.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsu.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibrh.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibpop.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjtd.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibhe.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibdd.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibas.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslhpt.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sliblww.dll
[2009/01/23 13:09:57 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibjye.dll
[2009/01/23 13:05:11 | 00,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2009/01/23 13:05:10 | 04,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2009/01/23 13:01:02 | 06,475,776 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2009/01/23 13:00:15 | 06,791,168 | ---- | C] () -- C:\WINDOWS\System32\PSP Xenon.dll
[2009/01/22 23:11:13 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/01/22 10:39:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/01/22 10:39:14 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/01/22 10:38:43 | 00,047,897 | ---- | C] () -- C:\WINDOWS\System32\AudCtrl.dll
[2009/01/22 10:38:42 | 00,004,501 | ---- | C] () -- C:\WINDOWS\System32\EXTIGY.INI
[2009/01/21 03:04:11 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/11/06 17:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 17:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/09/17 18:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 13:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 13:00:00 | 00,000,633 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 13:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/09 16:18:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/08/19 20:36:16 | 00,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2002/11/13 16:33:22 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\asus_tv_tune.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/04/24 10:05:04 | 00,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2009/04/24 10:05:04 | 00,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2009/04/24 10:05:04 | 00,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2009/04/24 10:05:04 | 00,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2009/04/24 10:05:04 | 00,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2009/04/24 10:05:04 | 00,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2009/04/24 10:05:04 | 00,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2009/04/24 10:05:04 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2009/04/24 10:05:04 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2009/04/24 10:05:04 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2009/04/24 10:05:04 | 00,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2009/04/24 09:14:30 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/24 09:04:59 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/24 00:23:30 | 00,065,024 | ---- | M] () -- C:\Documents and Settings\Murray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/23 23:41:16 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\d0f5iwq3.exe
[2009/04/23 19:35:57 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2009/04/23 19:35:57 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/04/23 19:35:57 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2009/04/23 17:05:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/23 17:05:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/23 12:55:14 | 08,751,716 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\ISO1_DVD.nri
[2009/04/23 12:48:30 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/23 12:46:37 | 00,000,425 | RHS- | M] () -- C:\autorun.inf
[2009/04/23 11:43:42 | 01,077,254 | ---- | M] (NEC Corporation) -- C:\Documents and Settings\Murray\Desktop\K3500PB.exe
[2009/04/23 11:23:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Murray\Desktop\OTListIt2.exe
[2009/04/20 22:24:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 00:04:24 | 00,017,363 | ---- | M] () -- C:\Documents and Settings\Murray\My Documents\Bookmarks 2009-04-20.json
[2009/04/19 01:16:50 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\HijackThis.lnk
[2009/04/19 01:16:43 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Murray\Desktop\HJTInstall.exe
[2009/04/19 01:03:32 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/19 00:34:34 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Murray\Desktop\mbam-setup.exe
[2009/04/18 12:53:12 | 00,001,242 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/04/18 01:53:28 | 00,078,097 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\csi_ny-show.jpg
[2009/04/17 19:57:19 | 95,310,813 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\Hospital-Danny_Bryd_Supersized_Album-NHS139CD-WEB-2008.rar
[2009/04/17 19:25:11 | 00,194,044 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\hfgghf.JPG
[2009/04/16 23:01:28 | 00,210,432 | -HS- | M] () -- C:\Documents and Settings\Murray\Desktop\Thumbs.db
[2009/04/13 10:03:13 | 01,574,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 01:15:57 | 00,115,957 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\3427237620_089df18ee8.jpg
[2009/04/12 23:43:36 | 00,833,044 | ---- | M] () -- C:\WINDOWS\Replicant VST plug-in Uninstaller.exe
[2009/04/12 23:42:51 | 00,106,471 | ---- | M] () -- C:\WINDOWS\Ratshack Ratverb Uninstaller.exe
[2009/04/12 23:41:25 | 00,833,025 | ---- | M] () -- C:\WINDOWS\PhaseTwo VST plug-in Uninstaller.exe
[2009/04/12 23:39:09 | 00,833,044 | ---- | M] () -- C:\WINDOWS\Discord 2 VST plug-in Uninstaller.exe
[2009/04/12 23:38:23 | 00,833,026 | ---- | M] () -- C:\WINDOWS\BigSeq VST plug-in Uninstaller.exe
[2009/04/12 13:55:07 | 00,010,068 | ---- | M] () -- C:\Documents and Settings\Murray\My Documents\I will not sleep.docx
[2009/04/12 13:44:19 | 00,010,752 | -HS- | M] () -- C:\Documents and Settings\Murray\My Documents\Thumbs.db
[2009/04/12 13:07:59 | 00,077,192 | ---- | M] () -- C:\Documents and Settings\Murray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/11 23:01:58 | 00,507,175 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\Untitled-1.psd
[2009/04/07 11:22:37 | 00,016,347 | ---- | M] () -- C:\Documents and Settings\Murray\My Documents\Bookmarks 2009-04-07.json
[2009/04/07 00:27:32 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 11:37:08 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/04 13:48:00 | 03,314,461 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\NewSong040409.mp3
[2009/03/30 06:57:12 | 34,045,244 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\protoolswav.wav
[2009/03/29 18:51:19 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/29 18:51:19 | 00,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/29 18:51:18 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/29 11:25:05 | 02,110,272 | -H-- | M] () -- C:\Documents and Settings\Murray\Local Settings\Application Data\IconCache.db
[2009/03/27 10:52:15 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\Yuri's Revenge.lnk
[2009/03/27 10:52:15 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\Murray\Desktop\Red Alert 2.lnk
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:40 PM

Posted 24 April 2009 - 10:43 AM

That's the one I needed. :thumbup2:


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-7-34-100004210-100006660-100025024-5518.com g:\
    O33 - MountPoints2\{7a9a6c5a-24f7-11de-9af4-00173fae8757}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
    O33 - MountPoints2\{7a9a6c5a-24f7-11de-9af4-00173fae8757}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
    O33 - MountPoints2\{950e4112-1479-11de-9ace-806d6172696f}\Shell\Open\command - "" = D:\RECYCLER\S-2-2-12-100022915-100003365-100000642-3707.com -- File not found
    O33 - MountPoints2\{9e2d0f2e-e7ee-11dd-9a88-00110974e855}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
    O33 - MountPoints2\{9e2d0f2e-e7ee-11dd-9a88-00110974e855}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
    O33 - MountPoints2\{e346f03e-e648-11dd-9c26-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-7-34-100004210-100006660-100025024-5518.com c:\
    O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-8-7-26-100016707-100009341-100015856-3824.com -- File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
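The O33 entries the fix above removes live under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, where Explorer caches the shell verbs it read from each volume's autorun.inf. The cached Open or AutoRun command runs when the drive is double-clicked in My Computer, so the hijack survives even after the autorun.inf itself is gone; that is why the fix targets the registry lines rather than only the files. The script below is an added example written for this page, not code from the thread, from OTL or from its author: it reads the O32/O33 section of an OTL log, flags the entries that match what an autorun worm leaves behind, and assembles the same :OTLI / :Commands block the post pastes into Custom Scans/Fixes. The indicators (an executable under RECYCLER named after a SID-like string, a handler command given relative to the volume root, an autorun.inf on a drive root) are this example's own assumptions. The sample input is taken from the log posted above, plus one constructed benign O33 line for contrast.

```python
"""
Triage autorun / MountPoints2 hijacks in an OTL (OTListIt2) log and assemble
the matching OTL fix block.

Added example for this page; not code from the thread, from OTL or from its
author. The indicators below are this example's own assumptions about what an
autorun worm leaves behind.
"""
import re
from dataclasses import dataclass
from typing import List

# O33 - MountPoints2\<volume>\Shell\<verb>\command - "" = <command>[ -- File not found]
O33_COMMAND = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+?)(?: -- File not found)?$'
)
# O32 - AutoRun File - [<date> | <size> | <attrs> | M] () - <path> -- [ <fs> ]
O32_AUTORUN_FILE = re.compile(
    r'^O32 - AutoRun File - \[[^|]*\|[^|]*\| (?P<attrs>[RHSD-]{4}) \| M\] \(\) - '
    r'(?P<path>.+?) -- \['
)
# Worm-style launcher: RECYCLER\S-<digits>-...[\<file>].<exe|com|...>
# (assumption of this example; the fake SIDs need not be well formed).
RECYCLER_LAUNCHER = re.compile(
    r'RECYCLER\\S-\d+-\d+(?:-\d+)+(?:\\[^\s\\]+)?\.(?:exe|com|bat|cmd|scr|pif)\b',
    re.IGNORECASE,
)
# A command starting with a drive letter or an environment variable is absolute;
# anything else resolves against the root of the mounted volume (autorun.inf style).
ABSOLUTE_COMMAND = re.compile(r'^"?(?:[A-Za-z]:\\|%)')

# Sample input: the O32/O33 lines from the log posted in this thread, plus one
# constructed benign entry (the last O33 line) of the kind a clean XP box carries.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 23:27:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/23 12:46:37 | 00,000,425 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/23 12:46:40 | 00,000,390 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c46071f-e695-11dd-9a85-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-7-34-100004210-100006660-100025024-5518.com g:\
O33 - MountPoints2\{7a9a6c5a-24f7-11de-9af4-00173fae8757}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{950e4112-1479-11de-9ace-806d6172696f}\Shell\Open\command - "" = D:\RECYCLER\S-2-2-12-100022915-100003365-100000642-3707.com -- File not found
O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-8-7-26-100016707-100009341-100015856-3824.com -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\setup.exe
"""


@dataclass
class Finding:
    line: str    # the OTL log line, verbatim, so it can be pasted into a fix
    reason: str


def is_suspicious_command(cmd: str) -> bool:
    """Heuristic verdict on a MountPoints2 Shell\\<verb>\\command value."""
    if RECYCLER_LAUNCHER.search(cmd):
        return True
    # Relative commands only make sense for an autorun.inf on the volume root.
    return not ABSOLUTE_COMMAND.match(cmd)


def find_autorun_hijacks(log_text: str) -> List[Finding]:
    """Return the O32/O33 log lines that look like autorun-worm persistence."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O33_COMMAND.match(line)
        if m:
            if is_suspicious_command(m.group('cmd')):
                findings.append(Finding(line, f"volume {m.group('vol')}: Shell\\{m.group('verb')} runs {m.group('cmd')}"))
            continue
        m = O32_AUTORUN_FILE.match(line)
        if m and m.group('path').lower().endswith('\\autorun.inf'):
            findings.append(Finding(line, f"autorun.inf present at {m.group('path')} (attributes {m.group('attrs')})"))
    return findings


def build_otl_fix(log_text: str) -> str:
    """Assemble the Custom Scans/Fixes block in the shape the post above uses:
    the flagged O33 lines verbatim under :OTLI, then the :Commands section.
    The O32 autorun.inf files are reported only; as in the post, they are left
    to a second tool rather than deleted from here."""
    o33_lines = [f.line for f in find_autorun_hijacks(log_text) if f.line.startswith('O33 ')]
    return "\n".join([":OTLI", *o33_lines, "", ":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"])


if __name__ == "__main__":
    for f in find_autorun_hijacks(SAMPLE_LOG):
        print(f"[!] {f.reason}")
    print()
    print(build_otl_fix(SAMPLE_LOG))
```

Run it as a script to see the six findings (two hidden/system autorun.inf files, four RECYCLER handlers) and the generated fix; the constructed RunDLL32 entry is not flagged because it is an absolute path outside RECYCLER. The fix builder keeps the "-- File not found" suffix on lines that carry it, since OTL expects the log line pasted back unchanged.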

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:40 PM

Posted 14 May 2009 - 11:19 AM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.


========================================================



