
I get another explorer.EXE in my taskmanager


7 replies to this topic

#1 phxakguy

phxakguy

  • Members
  • 7 posts

Posted 15 July 2009 - 12:14 PM

Sometimes in the taskmanager I will have an explorer.exe and an explorer.EXE. The computer seems to be running slower than normal. I have run Spybot and Avira anti-virus. They did not find anything. PLEASE HELP THANK YOU


DDS (Ver_09-06-26.01) - NTFSx86
Run by chuck at 10:01:02.45 on Wed 07/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.96 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\HddLed\hddledd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\WinSpeedUp\WinSpeedUp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HddLed\hddled.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Documents and Settings\chuck\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\chuck\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [hddled.exe] c:\program files\hddled\hddled.exe s
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [WINSPEEDUP] c:\program files\winspeedup\WinSpeedUp.exe
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\qtsystem\qttask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chuck\applic~1\mozilla\firefox\profiles\rbjapf0p.default\
FF - plugin: c:\documents and settings\chuck\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-5-2 40496]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-29 55640]
R2 hddledd;hddledd;c:\program files\hddled\hddledd.exe [2008-4-20 49152]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064]
R3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\JakNDis.sys [2009-5-11 21504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 cpuz130;cpuz130;\??\c:\docume~1\chuck\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\chuck\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [2009-5-11 21504]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-4-23 42112]

=============== Created Last 30 ================

2009-07-15 05:14 1,409 a------- c:\windows\QTFont.for
2009-07-15 05:14 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-15 01:10 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-15 01:10 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-07-13 13:46 <DIR> --d----- c:\program files\DVDFab 6
2009-07-13 05:46 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-13 05:45 <DIR> --d----- c:\windows\ERUNT
2009-07-12 18:48 <DIR> --d----- c:\program files\DVD Shrink
2009-07-08 19:49 <DIR> --d----- c:\program files\Uniblue
2009-07-08 19:43 82 a------- c:\windows\wininit.ini
2009-07-04 21:23 <DIR> --d----- c:\documents and settings\chuck\RECOVER
2009-07-04 20:48 <DIR> --d----- c:\program files\MozBackup
2009-07-03 06:50 <DIR> --d----- c:\program files\WMR11
2009-06-28 18:36 <DIR> --d----- c:\program files\WMCap
2009-06-28 18:19 <DIR> --d----- c:\program files\Yamb
2009-06-28 18:16 15,326,328 a------- C:\video_join.avi
2009-06-28 09:11 <DIR> --d----- C:\pebuilder3110a
2009-06-26 23:24 <DIR> --d----- c:\windows\system32\windows media
2009-06-26 23:24 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-26 23:24 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-26 23:24 <DIR> --d----- c:\program files\Windows Media Components
2009-06-23 22:24 143,476,714 a------- C:\JOINED.avi
2009-06-23 22:24 19,647,477 a------- C:\JOINED.mp3
2009-06-23 22:21 164,393,619 a------- C:\JOINED.FLV
2009-06-18 17:44 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-18 17:40 266,360 a------- c:\windows\system32\TweakUI.exe
2009-06-18 17:40 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-06-17 03:01 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-16 18:48 <DIR> --d----- c:\program files\Avanquest update
2009-06-16 12:20 161,792 ---shr-- c:\windows\system32\RealMediaDX.ax
2009-06-16 12:20 107,520 ---shr-- c:\windows\system32\RLMPCDec.ax
2009-06-16 12:20 90,112 ---shr-- c:\windows\system32\TTADSSplitter.ax
2009-06-16 12:20 90,112 ---shr-- c:\windows\system32\TTADSDecoder.ax
2009-06-16 12:20 70,656 ---shr-- c:\windows\system32\RLAPEDec.ax
2009-06-16 12:20 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-06-16 12:20 120,832 ---shr-- c:\windows\system32\MPCDx.ax
2009-06-16 12:20 97,280 ---shr-- c:\windows\system32\FLACDX.ax
2009-06-16 12:20 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-06-15 23:11 <DIR> --d----- c:\docume~1\chuck\applic~1\ooVoo Details

==================== Find3M ====================

2009-07-15 05:28 903 a------- c:\program files\cports.cfg
2009-07-13 13:47 87,608 a------- c:\docume~1\chuck\applic~1\inst.exe
2009-07-13 13:47 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-13 13:47 47,360 a------- c:\docume~1\chuck\applic~1\pcouffin.sys
2009-07-13 05:22 1,529,241 a------- C:\SDFix.exe
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-26 00:37 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-15 19:36 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-15 19:36 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-28 02:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 11:00 47,616 a------- c:\program files\cports.exe
2006-05-03 02:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 03:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 05:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-04-05 21:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090330\index.dat
2009-04-05 21:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040520090406\index.dat

============= FINISH: 10:03:28.01 ===============



#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 26 July 2009 - 03:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 phxakguy

phxakguy
  • Topic Starter

  • Members
  • 7 posts

Posted 02 August 2009 - 03:21 AM

explorer.EXE in my taskmanager and the computer seems to be running slower than normal. If I end the explorer.EXE process in the taskmanager, then run explorer in "new task", the taskmanager runs explorer.exe. The computer then starts running faster.

Please Help

:thumbup2:

Thank You


DDS (Ver_09-07-30.01) - NTFSx86
Run by chuck at 1:12:33.92 on Sun 08/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.332 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\HddLed\hddledd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\WinSpeedUp\WinSpeedUp.exe
C:\Program Files\HddLed\hddled.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\Documents and Settings\chuck\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [hddled.exe] c:\program files\hddled\hddled.exe s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [WINSPEEDUP] c:\program files\winspeedup\WinSpeedUp.exe
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chuck\applic~1\mozilla\firefox\profiles\rbjapf0p.default\
FF - component: c:\documents and settings\chuck\application data\mozilla\firefox\profiles\rbjapf0p.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\chuck\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-5-2 40496]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-29 55640]
R2 hddledd;hddledd;c:\program files\hddled\hddledd.exe [2008-4-20 49152]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064]
R3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\JakNDis.sys [2009-5-11 21504]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 cpuz130;cpuz130;\??\c:\docume~1\chuck\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\chuck\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [2009-5-11 21504]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-4-23 42112]

=============== Created Last 30 ================

2009-08-01 23:38 <DIR> --d----- c:\documents and settings\chuck\.zenmap
2009-07-31 21:22 <DIR> --d----- c:\program files\Aspect2
2009-07-29 20:52 754 a------- c:\windows\WORDPAD.INI
2009-07-29 20:08 17,408 -c------ c:\windows\system32\dllcache\corpol.dll
2009-07-29 18:00 <DIR> --d----- c:\docume~1\chuck\applic~1\asoftech
2009-07-29 18:00 <DIR> --d----- c:\program files\Asoftech
2009-07-27 01:55 <DIR> --d----- c:\docume~1\chuck\applic~1\Moyea
2009-07-27 01:54 <DIR> --d----- c:\program files\Moyea
2009-07-27 01:27 <DIR> --d----- c:\docume~1\chuck\applic~1\Jaksta
2009-07-26 00:01 <DIR> --d----- c:\program files\ooVoo
2009-07-25 04:49 <DIR> --d----- c:\docume~1\chuck\applic~1\VTExtra
2009-07-25 00:56 <DIR> --d----- C:\Downloads
2009-07-25 00:56 <DIR> --d----- c:\program files\BitComet
2009-07-15 19:13 157,712 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-15 15:26 <DIR> --d----- c:\documents and settings\chuck\.housecall6.6
2009-07-15 14:55 687,104 a------- c:\windows\isRS-000.tmp
2009-07-15 05:14 1,409 a------- c:\windows\QTFont.for
2009-07-15 05:14 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-15 01:10 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-15 01:10 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-07-13 13:46 <DIR> --d----- c:\program files\DVDFab 6
2009-07-13 05:46 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-13 05:45 <DIR> --d----- c:\windows\ERUNT
2009-07-12 18:48 <DIR> --d----- c:\program files\DVD Shrink
2009-07-08 19:43 82 a------- c:\windows\wininit.ini
2009-07-04 21:23 <DIR> --d----- c:\documents and settings\chuck\RECOVER
2009-07-04 20:48 <DIR> --d----- c:\program files\MozBackup
2009-07-03 06:50 <DIR> --d----- c:\program files\WMR11

==================== Find3M ====================

2009-07-24 21:03 903 a------- c:\program files\cports.cfg
2009-07-15 18:54 1,576 a------- c:\windows\system32\tmp.reg
2009-07-13 13:47 87,608 a------- c:\docume~1\chuck\applic~1\inst.exe
2009-07-13 13:47 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-13 13:47 47,360 a------- c:\docume~1\chuck\applic~1\pcouffin.sys
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 05:22 1,529,241 a------- C:\SDFix.exe
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-26 00:37 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-15 19:36 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-15 19:36 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-15 11:00 47,616 a------- c:\program files\cports.exe
2006-05-03 02:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 03:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 05:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-04-05 21:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090330\index.dat
2009-04-05 21:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040520090406\index.dat

============= FINISH: 1:13:33.96 ===============

Edited by phxakguy, 02 August 2009 - 03:32 AM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts

Posted 02 August 2009 - 12:31 PM

Hello phxakguy,

I have merged your latest HiJack This topic to your previously existing topic which I reopened. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the page.

Please DO NOT rely on the e-mail notification to alert you to responses. Instead, bookmark this page and check for responses once a day. Once your helper starts working with you, you may wish to check more often.

A HiJack This team member will be with you soon.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 03 August 2009 - 05:16 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

The log looks clean.

Let's try disabling an explorer extension with HijackThis next round.

First we'll need a more in depth scan.

Download and Run OTListIt
  • Please download OTListIt by OldTimer to your desktop.
  • Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
  • Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
  • Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located. The Extra.txt is not needed.
With Regards,
The Panda

#6 phxakguy

phxakguy
  • Topic Starter

  • Members
  • 7 posts

Posted 05 August 2009 - 04:12 AM

Here is the OTListIt log....

THANK YOU for YOUR HELP!!!!!!!

OTL logfile created on: 8/5/2009 1:55:28 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\chuck\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 320.50 Mb Available Physical Memory | 62.72% Memory free
1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.21% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.21 Gb Total Space | 68.80 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
Drive D: | 282.35 Gb Total Space | 32.06 Gb Free Space | 11.35% Space Free | Partition Type: NTFS
Drive E: | 158.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 38.10 Gb Total Space | 8.92 Gb Free Space | 23.42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 186.31 Gb Total Space | 17.29 Gb Free Space | 9.28% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: chuck
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/09 04:26:52 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/09 04:26:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/11/22 15:12:34 | 01,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/04/20 13:21:36 | 00,049,152 | ---- | M] () -- C:\Program Files\HddLed\hddledd.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/04/20 13:21:42 | 00,803,840 | ---- | M] () -- C:\Program Files\HddLed\hddled.exe
PRC - [2001/08/17 15:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe
PRC - [2008/04/13 17:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/28 15:32:22 | 00,830,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/08/05 01:35:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chuck\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/09 04:26:52 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto |

Running])
SRV - [2009/06/09 04:26:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/11/22 15:12:34 | 01,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/20 13:21:36 | 00,049,152 | ---- | M] () -- C:\Program Files\HddLed\hddledd.exe -- (hddledd [Auto | Running])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2005/07/25 15:25:18 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device [On_Demand | Stopped])
SRV - [2009/07/18 11:34:32 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service [Disabled | Stopped])
SRV - [2008/08/04 16:22:18 | 00,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/04/29 06:02:52 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/04/29 06:02:52 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2001/08/17 05:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [2001/08/17 05:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS -- (DM9102 [On_Demand | Running])
DRV - [2001/08/17 05:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
DRV - [2001/08/17 05:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
DRV - [2008/09/17 15:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008/04/13 11:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/08/25 16:48:18 | 00,040,496 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3 [Boot | Running])
DRV - [2002/10/15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr [Boot | Running])
DRV - [2002/10/15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr [Boot | Running])
DRV - [2005/08/15 11:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running])
DRV - [2005/08/15 11:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running])
DRV - [2009/05/11 14:53:58 | 00,021,504 | ---- | M] (Jaksta LLC) -- C:\WINDOWS\System32\DRIVERS\JakNDis.sys -- (JakNDis [On_Demand | Stopped])
DRV - [2009/05/11 14:53:58 | 00,021,504 | ---- | M] (Jaksta LLC) -- C:\WINDOWS\System32\DRIVERS\JakNDis.sys -- (JakNDisMP [On_Demand | Running])
DRV - [2008/01/14 03:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\System32\DRIVERS\ManyCam.sys -- (ManyCam [On_Demand | Running])
DRV - [2009/05/08 11:56:12 | 00,042,752 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2009/01/29 17:15:54 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/03/15 13:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/07/13 13:47:04 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2001/08/23 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/01/26 18:35:40 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/03/15 03:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2001/08/17 05:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
DRV - [2009/06/09 04:26:53 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2008/09/26 17:06:24 | 00,032,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\UimBus.sys -- (UimBus [System | Running])
DRV - [2008/09/26 17:06:24 | 00,129,824 | ---- | M] (Paragon) -- C:\WINDOWS\System32\Drivers\Uim_IM.sys -- (Uim_IM [System | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/08/04 16:22:20 | 01,964,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VX3000.sys -- (VX3000 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.08
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.4.0
FF - prefs.js..network.proxy.backup.ftp: "217.110.205.61"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "217.110.205.61"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "217.110.205.61"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "217.110.205.61"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "194.36.10.154"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "194.36.10.154"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "194.36.10.154"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "194.36.10.154"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "194.36.10.154"
FF - prefs.js..network.proxy.ssl_port: 3127


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 19:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/06 12:22:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/25 00:56:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/25 00:56:33 | 00,000,000 | ---D | M]

[2009/07/04 21:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Extensions
[2009/07/04 21:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/31 22:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions
[2009/07/04 21:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/07/04 21:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/04 21:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/25 00:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/07/25 00:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/04 21:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/07/19 05:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\brief@mozdev.org
[2009/07/31 22:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\Office2007Black@JBBS
[2009/07/04 21:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\openinie@wittersworld.com
[2009/07/30 18:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chuck\Application Data\mozilla\Firefox\Profiles\rbjapf0p.default\extensions\searchrecs@veoh.com
[2009/07/31 22:52:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/04 21:44:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/04 21:12:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/08 18:04:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/02 20:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/02 20:00:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/02 20:01:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/02 16:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 16:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 16:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 16:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 16:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 16:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 16:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (318385 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10922 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINSPEEDUP] C:\Program Files\WinSpeedUp\WinSpeedUp.exe (Script Soft eK - www.scriptsoft.de)
O4 - HKCU..\Run: [hddled.exe] C:\Program Files\HddLed\hddled.exe ()
O4 - HKCU..\Run: [P2kAutostart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 92
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 03 FE FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/03/28 21:11:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/09 12:22:50 | 00,000,202 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe -- [2009/02/07 14:39:51 | 00,010,240 | R--- | M] ()
O33 - MountPoints2\E\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe -- [2009/02/07 14:39:51 | 00,010,240 | R--- | M] ()
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/08/05 01:35:06 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chuck\Desktop\OTL.exe
[2009/08/04 20:46:58 | 49,904,8488 | ---- | C] () -- C:\Documents and Settings\chuck\Desktop\video (7)_all.avi
[2009/08/02 17:57:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2009/08/02 17:57:16 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/08/02 17:57:09 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009/08/02 17:56:27 | 01,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2009/08/02 17:56:27 | 00,023,680 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2009/08/02 17:56:25 | 00,042,752 | ---- | C] (Motorola Inc) -- C:\WINDOWS\System32\drivers\motodrv.sys
[2009/08/02 01:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Application Data\gtk-2.0
[2009/07/31 21:22:50 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\chuck\Desktop\Aspect.lnk
[2009/07/31 21:22:49 | 00,000,000 | ---D | C] -- C:\Program Files\Aspect2
[2009/07/31 19:31:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Desktop\ProcessExplorer
[2009/07/31 13:42:13 | 01,618,978 | ---- | C] () -- C:\Documents and Settings\chuck\Desktop\LORIS CD.rtf
[2009/07/30 04:47:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Desktop\amr
[2009/07/29 22:02:28 | 15,591,1771 | ---- | C] () -- C:\Documents and Settings\chuck\Desktop\lies2-wmv.wmv
[2009/07/29 20:52:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/29 20:08:31 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/07/29 18:00:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Application Data\asoftech
[2009/07/29 18:00:33 | 00,000,000 | ---D | C] -- C:\Program Files\Asoftech
[2009/07/29 16:59:38 | 00,001,352 | ---- | C] () -- C:\Documents and Settings\chuck\My Documents\AutoHotkey.ahk
[2009/07/27 01:55:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\My Documents\Moyea
[2009/07/27 01:55:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Application Data\Moyea
[2009/07/27 01:54:29 | 00,000,000 | ---D | C] -- C:\Program Files\Moyea
[2009/07/27 01:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Application Data\Jaksta
[2009/07/26 00:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2009/07/25 04:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Application Data\VTExtra
[2009/07/25 04:47:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Local Settings\Application Data\VTShared
[2009/07/25 00:56:50 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/07/25 00:56:20 | 00,000,000 | ---D | C] -- C:\Program Files\BitComet
[2009/07/15 19:13:06 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/07/15 05:14:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\Local Settings\Application Data\Apple Computer
[2009/07/15 05:14:18 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/07/15 05:14:17 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/07/15 01:14:39 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 01:10:59 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/07/15 01:10:59 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/07/13 13:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chuck\My Documents\DVDFab
[2009/07/13 13:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2009/07/13 12:51:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/07/13 05:46:26 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/07/13 05:45:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/07/12 18:48:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/07/12 18:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/07/10 20:55:58 | 00,598,016 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncVEAudio.dll
[2009/07/10 20:55:58 | 00,344,064 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
[2009/07/10 20:55:58 | 00,155,648 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSecure2.dll
[2009/07/10 20:55:58 | 00,155,648 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartCertificate.dll
[2009/07/10 20:55:58 | 00,147,456 | ---- | C] (nanoCom Corp.) -- C:\WINDOWS\System32\ncPopup2.dll
[2009/07/10 20:55:58 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ncvDS61.dll
[2009/07/10 20:55:58 | 00,112,752 | ---- | C] (devSoft Inc. - www.dev-soft.com) -- C:\WINDOWS\System32\mime40.ocx
[2009/07/10 20:55:58 | 00,094,208 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncImageList2.ocx
[2009/07/10 20:55:58 | 00,090,112 | ---- | C] (Eduardo A. Morcillo) -- C:\WINDOWS\System32\axcolctl.ocx
[2009/07/10 20:55:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ncUtil62.dll
[2009/07/10 20:55:58 | 00,040,960 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncSSTimer2.dll
[2009/07/10 20:55:57 | 02,183,168 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCompress.dll
[2009/07/10 20:55:57 | 00,336,928 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\SSTree.ocx
[2009/07/10 20:55:57 | 00,315,392 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/07/10 20:55:57 | 00,307,200 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/07/10 20:55:57 | 00,286,720 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncRichEdit.ocx
[2009/07/10 20:55:57 | 00,266,309 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWebASP.dll
[2009/07/10 20:55:57 | 00,241,664 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctlist.ocx
[2009/07/10 20:55:57 | 00,221,184 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2009/07/10 20:55:57 | 00,180,224 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncvul60.dll
[2009/07/10 20:55:57 | 00,172,032 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncvul70.dll
[2009/07/10 20:55:57 | 00,155,648 | ---- | C] (nanoCom Corp) -- C:\WINDOWS\System32\ncXPButton.ocx
[2009/07/10 20:55:57 | 00,118,784 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncRichEditUtility.dll
[2009/07/10 20:55:57 | 00,114,688 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWebUtil.dll
[2009/07/10 20:55:57 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\ncCompress.dll
[2009/07/10 20:55:57 | 00,086,016 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncvvfw61.dll
[2009/07/10 20:55:57 | 00,053,248 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncIM.dll
[2009/07/10 20:55:57 | 00,040,960 | ---- | C] (nanoCom Corporation) -- C:\WINDOWS\System32\ncHTTP.dll
[2009/07/10 20:55:56 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/07/10 20:55:56 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nczlib.dll
[2009/07/10 20:55:56 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib32.dll
[2009/07/08 19:43:34 | 00,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/08 18:04:16 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 18:04:16 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 18:04:16 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 04:42:57 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\chuck\Local Settings\Application Data\housecall.guid.cache
[2009/06/15 09:39:03 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2009/06/15 09:39:03 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2009/06/15 09:39:03 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2009/06/15 09:39:03 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2009/06/15 09:39:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2009/06/15 09:39:01 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2009/06/15 09:39:01 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2009/06/15 09:39:01 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2009/06/05 19:56:13 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/05 19:56:12 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/20 19:47:14 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Systems.ini
[2009/05/18 18:21:52 | 00,000,025 | ---- | C] () -- C:\WINDOWS\MotoSkin.INI
[2009/05/16 00:23:40 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/02 17:59:46 | 00,000,635 | ---- | C] () -- C:\WINDOWS\asfbinapp.INI
[2009/05/02 10:46:06 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/09 21:04:42 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/03/29 21:21:16 | 00,146,224 | ---- | C] () -- C:\WINDOWS\System32\LCCoin11.dll
[2009/03/29 21:21:16 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/03/15 13:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/11/06 09:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 09:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/10/22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/04/30 00:34:04 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2003/07/28 15:19:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 15:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2001/08/23 05:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/08/05 01:35:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chuck\Desktop\OTL.exe
[2009/08/04 20:47:17 | 49,904,8488 | ---- | M] () -- C:\Documents and Settings\chuck\Desktop\video (7)_all.avi
[2009/08/04 19:44:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/04 19:44:44 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/04 19:44:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/04 19:44:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/04 00:37:00 | 11,758,488 | -H-- | M] () -- C:\Documents and Settings\chuck\Local Settings\Application Data\IconCache.db
[2009/08/02 17:57:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2009/08/02 17:57:16 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/08/02 06:12:07 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-884357618-725345543-1003Core.job
[2009/08/01 23:32:40 | 00,318,385 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/08/01 19:14:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/31 21:29:30 | 00,000,635 | ---- | M] () -- C:\WINDOWS\asfbinapp.INI
[2009/07/31 21:22:51 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\chuck\Desktop\Aspect.lnk
[2009/07/31 13:42:13 | 01,618,978 | ---- | M] () -- C:\Documents and Settings\chuck\Desktop\LORIS CD.rtf
[2009/07/30 00:02:03 | 00,001,770 | -H-- | M] () -- C:\Documents and Settings\chuck\My Documents\Default.rdp
[2009/07/29 20:52:04 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/29 20:09:13 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/26 21:25:32 | 15,591,1771 | ---- | M] () -- C:\Documents and Settings\chuck\Desktop\lies2-wmv.wmv
[2009/07/24 21:03:47 | 00,000,903 | ---- | M] () -- C:\Program Files\cports.cfg
[2009/07/19 19:03:04 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 19:03:04 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 10:18:14 | 02,588,801 | ---- | M] () -- C:\Documents and Settings\chuck\Desktop\IB-DVD_1080P9_XSA-BM-0403.pdf
[2009/07/19 06:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 06:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 06:21:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/16 22:27:54 | 00,317,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090801-233240.backup
[2009/07/15 18:54:51 | 00,001,576 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/15 18:54:45 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090716-222754.backup
[2009/07/15 05:14:18 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/15 05:14:18 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/07/13 13:47:04 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\chuck\Application Data\inst.exe
[2009/07/13 13:47:04 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/07/13 13:47:04 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\chuck\Application Data\pcouffin.sys
[2009/07/13 13:47:04 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\chuck\Application Data\pcouffin.cat
[2009/07/13 13:47:04 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\chuck\Application Data\pcouffin.inf
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:46:27 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/07/13 05:22:55 | 01,529,241 | ---- | M] () -- C:\SDFix.exe
[2009/07/12 05:57:22 | 00,083,456 | ---- | M] () -- C:\Documents and Settings\chuck\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 19:43:34 | 00,000,082 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/07/08 18:49:09 | 00,316,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090708-185641.backup
[2009/07/08 04:42:57 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\chuck\Local Settings\Application Data\housecall.guid.cache
[2009/07/07 08:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#7 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 05 August 2009 - 07:28 AM

Hello.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.

Download, Install, and Save Log with HijackThis
  • Download the installer HERE onto your desktop and double click it.
  • You may be asked for confirmation for running an executable file. Select Run.
  • You will be asked to choose the install location. Please leave it at the default:
    C:\Program Files\Trend Micro\HijackThis.
  • Select Install.
  • The installation process should only take a few seconds. A shortcut named HijackThis will be created on your desktop so there will be no need to access the HijackThis program directly. The HijackThis window will pop-up after the installation.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.
Restart your computer.

Does that fix it?

With Regards,
The Panda

#8 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 10 August 2009 - 08:05 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



