AV pRo rogue requested DDS log


  • This topic is locked
14 replies to this topic

#1 TCel

Posted 28 November 2009 - 10:12 PM

This is the link to my post in the "Am I infected forum":
My original post

Here is the DDS log:


DDS (Ver_09-11-29.01) - NTFSx86
Run by Nicola at 19:05:52.35 on Sat 11/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.672 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Nicola\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://by112w.bay112.mail.live.com/mail/TodayLight.aspx?n=1182810025&wa=wsignin1.0&n=1376198086
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - d:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0}
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: riwakabe.dll c:\windows\system32\wikufalu.dll
SSODL: guvomegeg - {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - No File
SSODL: fisojohov - {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - No File
SSODL: seyivijip - {06b66e62-1c26-4e3c-951e-151a86068871} - No File
STS: {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - No File
STS: {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - No File
STS: {06b66e62-1c26-4e3c-951e-151a86068871} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli bekehutu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nicola\applic~1\mozilla\firefox\profiles\ucd80w44.default\
FF - component: c:\program files\avg\firefox\components\avgssff.dll
FF - component: c:\program files\avg\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-1-12 14248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-10 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-12 93968]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2009-1-12 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2009-1-12 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2009-1-12 269760]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-2-10 31616]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\program files\lavasoft\ad-aware\aawservice.exe" --> d:\program files\lavasoft\ad-aware\AAWService.exe [?]

=============== Created Last 30 ================

2009-11-25 01:40:17 2458 ----a-w- c:\windows\system32\tmp.reg
2009-11-24 05:50:26 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-24 05:49:02 0 d--h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-20 06:12:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-20 06:11:26 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-20 06:11:26 0 d-----w- c:\docume~1\nicola\applic~1\SUPERAntiSpyware.com
2009-11-20 06:10:26 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-20 01:37:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 01:37:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 01:37:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 03:04:29 0 d-----w- c:\program files\AVG
2009-11-12 06:08:39 98816 ----a-w- c:\windows\sed.exe
2009-11-12 06:08:39 77312 ----a-w- c:\windows\MBR.exe
2009-11-12 06:08:39 267264 ----a-w- c:\windows\PEV.exe
2009-11-12 06:08:39 161792 ----a-w- c:\windows\SWREG.exe
2009-11-12 06:02:23 0 d-----w- c:\program files\Trend Micro
2009-11-11 04:34:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-11 04:21:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-11 04:20:59 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-11 04:14:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
2009-11-09 15:55:14 0 d-----w- c:\docume~1\nicola\applic~1\Malwarebytes
2009-11-09 15:53:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-07 16:22:33 0 d-----w- C:\Google
2009-11-05 02:34:26 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-05 02:34:26 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-05 02:34:26 1060864 ----a-w- c:\windows\system32\MFC71.dll

==================== Find3M ====================

2009-11-26 16:55:47 38 ----a-w- c:\documents and settings\nicola\jagex_runescape_preferences.dat
2009-11-26 16:26:33 63 ----a-w- c:\documents and settings\nicola\jagex_runescape_preferences2.dat
2009-11-25 22:35:19 2054 ----a-w- c:\docume~1\nicola\applic~1\wklnhst.dat
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-01-13 01:38:22 75 --sh--r- c:\windows\CT4CET.bin

============= FINISH: 19:06:17.10 ===============


#2 syler

  • Malware Response Team

Posted 09 December 2009 - 12:10 PM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following logs:
  • OTListIt.txt
  • Extra.txt
Thanks



#3 TCel

  • Topic Starter

Posted 10 December 2009 - 10:35 AM

This is the contents of otl.txt:

OTL logfile created on: 12/10/2009 7:17:47 AM - Run 1
OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Nicola\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 676.06 Mb Available Physical Memory | 66.65% Memory free
1.19 Gb Paging File | 0.88 Gb Available in Paging File | 73.74% Paging File free
Paging file location(s): C:\pagefile.sys 300 300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.11 Gb Total Space | 0.34 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
Drive D: | 14.96 Gb Total Space | 13.99 Gb Free Space | 93.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLMINI
Current User Name: Nicola
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/10 07:16:28 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicola\Desktop\OTL.exe
PRC - [2009/11/23 21:54:42 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/26 21:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/03 13:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/04 19:47:38 | 00,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/10/04 11:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/17 19:28:58 | 00,546,088 | ---- | M] (Dell) -- C:\Program Files\Wireless Select Switch\WLSS.exe
PRC - [2008/07/13 19:02:16 | 01,343,488 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/07/13 16:52:02 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/07/13 16:51:48 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/07/13 15:59:12 | 16,876,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/10 07:16:28 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicola\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/17 17:01:48 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/12 17:39:03 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 11:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2004/10/22 01:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/11 10:44:50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/11 10:44:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 10:44:46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/23 04:55:24 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/11/10 18:39:02 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/10 15:03:38 | 00,269,760 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/11/10 15:03:38 | 00,144,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/11/10 15:03:36 | 00,148,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OA004Afx.sys -- (OA004Afx)
DRV - [2008/11/04 18:24:58 | 00,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/07/13 19:02:12 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/13 16:55:40 | 00,106,368 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/13 16:52:08 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/07/13 16:02:52 | 00,093,968 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/07/13 15:59:14 | 04,745,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 04:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 04:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/01/15 17:57:08 | 00,031,616 | ---- | M] () -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2001/08/17 18:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 17:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://by112w.bay112.mail.live.com/mail/To...mp;n=1376198086
IE - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\S-1-5-21-3765838937-3917854033-93612233-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/15 14:01:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/15 14:01:48 | 00,000,000 | ---D | M]

[2009/10/27 18:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicola\Application Data\Mozilla\Extensions
[2009/11/10 22:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicola\Application Data\Mozilla\Firefox\Profiles\ucd80w44.default\extensions
[2009/11/15 14:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - D:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll (Lavasoft AB)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe (Dell)
O4 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3765838937-3917854033-93612233-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (riwakabe.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\wikufalu.dll) - C:\WINDOWS\System32\wikufalu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: fisojohov - {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - CLSID or File not found.
O21 - SSODL: guvomegeg - {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - CLSID or File not found.
O21 - SSODL: seyivijip - {06b66e62-1c26-4e3c-951e-151a86068871} - CLSID or File not found.
O22 - SharedTaskScheduler: {06b66e62-1c26-4e3c-951e-151a86068871} - mujuzedij - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - kupuhivus - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:45:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/04 07:20:28 | 00,000,155 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/10 07:16:24 | 00,537,600 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicola\Desktop\OTL.exe
[2009/11/24 17:39:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicola\Desktop\SmitfraudFix
[2009/11/24 07:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/24 07:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/24 07:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/24 07:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/23 21:49:03 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/11/23 21:49:02 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/19 22:12:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/19 22:11:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicola\Application Data\SUPERAntiSpyware.com
[2009/11/19 22:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/19 22:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/19 17:37:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/19 17:37:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/19 17:37:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/16 22:33:58 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Nicola\Recent
[2009/11/15 12:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/11/12 19:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/11 22:08:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/11 22:08:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/11 22:08:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/11 22:08:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/11 22:08:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/11 22:07:53 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/11 22:02:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/10 20:21:24 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/11/10 20:20:59 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/10 20:14:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/10 07:16:28 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicola\Desktop\OTL.exe
[2009/12/10 07:09:37 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 07:09:36 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 07:09:35 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 07:05:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 07:05:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 23:36:06 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicola\ntuser.ini
[2009/12/09 23:36:05 | 02,772,992 | ---- | M] () -- C:\Documents and Settings\Nicola\ntuser.dat
[2009/12/09 23:35:55 | 03,227,598 | -H-- | M] () -- C:\Documents and Settings\Nicola\Local Settings\Application Data\IconCache.db
[2009/12/09 23:35:44 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Nicola\jagex_runescape_preferences.dat
[2009/12/09 23:14:56 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Nicola\jagex_runescape_preferences2.dat
[2009/12/09 22:02:42 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Nicola\My Documents\RK Level up.wps
[2009/12/09 22:02:42 | 00,002,054 | ---- | M] () -- C:\Documents and Settings\Nicola\Application Data\wklnhst.dat
[2009/12/08 20:21:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/28 17:24:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/25 14:35:19 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Nicola\My Documents\WOD Terren Skill goals.wps
[2009/11/25 13:37:10 | 00,002,458 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/25 13:37:04 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/24 17:38:59 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\SmitfraudFix.exe
[2009/11/24 07:17:05 | 00,010,466 | ---- | M] () -- C:\Documents and Settings\Nicola\My Documents\cc_20091124_071606.reg
[2009/11/19 22:11:54 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/19 17:37:21 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 19:25:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kalozevi
[2009/11/15 14:02:01 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/12 18:40:42 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/11 22:31:40 | 00,001,477 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Windows Explorer.LNK
[2009/11/11 22:24:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/11 20:32:35 | 00,028,985 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Runescape.url
[2009/11/11 19:47:38 | 00,000,200 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\World of Dungeons.url
[2009/11/11 19:46:39 | 00,000,973 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\eRepublik.url
[2009/11/11 17:39:49 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Free Farm Game.url
[2009/11/11 17:23:09 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\CCleaner.lnk
[2009/11/10 21:54:24 | 00,030,692 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Enchanted Island.url
[2009/11/10 21:52:26 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/10 21:52:25 | 00,000,531 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/10 21:11:48 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\RK Direct.url
[2009/11/10 20:20:50 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 20:17:35 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 17:40:17 | 00,002,458 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/24 17:38:59 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Nicola\Desktop\SmitfraudFix.exe
[2009/11/24 07:16:13 | 00,010,466 | ---- | C] () -- C:\Documents and Settings\Nicola\My Documents\cc_20091124_071606.reg
[2009/11/20 19:31:11 | 02,772,992 | ---- | C] () -- C:\Documents and Settings\Nicola\ntuser.dat
[2009/11/19 22:11:54 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/19 17:37:21 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/15 14:02:01 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/11 22:08:39 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/11 22:08:39 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/11 22:08:39 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/11 22:08:39 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/11 22:08:39 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/11 17:23:09 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\Nicola\Desktop\CCleaner.lnk
[2009/11/10 20:34:42 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/02 20:48:10 | 00,002,054 | ---- | C] () -- C:\Documents and Settings\Nicola\Application Data\wklnhst.dat
[2009/02/10 22:02:34 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/01/12 18:44:29 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/01/12 18:42:08 | 00,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/12 17:47:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/12 17:16:22 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/04/25 17:42:57 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
< End of report >
[2009/12/10 07:16:28 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicola\Desktop\OTL.exe
[2009/12/10 07:09:37 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 07:09:36 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 07:09:35 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 07:05:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 07:05:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 23:36:06 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicola\ntuser.ini
[2009/12/09 23:36:05 | 02,772,992 | ---- | M] () -- C:\Documents and Settings\Nicola\ntuser.dat
[2009/12/09 23:35:55 | 03,227,598 | -H-- | M] () -- C:\Documents and Settings\Nicola\Local Settings\Application Data\IconCache.db
[2009/12/09 23:35:44 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Nicola\jagex_runescape_preferences.dat
[2009/12/09 23:14:56 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Nicola\jagex_runescape_preferences2.dat
[2009/12/09 22:02:42 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Nicola\My Documents\RK Level up.wps
[2009/12/09 22:02:42 | 00,002,054 | ---- | M] () -- C:\Documents and Settings\Nicola\Application Data\wklnhst.dat
[2009/12/08 20:21:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/28 17:24:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/25 14:35:19 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Nicola\My Documents\WOD Terren Skill goals.wps
[2009/11/25 13:37:10 | 00,002,458 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/24 17:38:59 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\SmitfraudFix.exe
[2009/11/24 07:25:24 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/11/24 07:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/24 07:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/24 07:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicola\Local Settings\Application Data\Microsoft
[2009/11/24 07:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Nicola\Application Data\Microsoft
[2009/11/24 07:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/24 07:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/24 07:17:05 | 00,010,466 | ---- | M] () -- C:\Documents and Settings\Nicola\My Documents\cc_20091124_071606.reg
[2009/11/23 21:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/11/23 21:49:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/23 21:19:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/21 09:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/19 22:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/19 22:11:54 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/19 22:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicola\Application Data\SUPERAntiSpyware.com
[2009/11/19 22:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/19 22:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/19 17:37:23 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/19 17:37:21 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/16 19:25:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kalozevi
[2009/11/15 14:02:01 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/15 13:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/11/12 19:03:46 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2009/11/11 22:31:40 | 00,001,477 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Windows Explorer.LNK
[2009/11/11 22:24:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/11 22:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/11/11 20:32:35 | 00,028,985 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Runescape.url
[2009/11/11 19:47:38 | 00,000,200 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\World of Dungeons.url
[2009/11/11 19:46:39 | 00,000,973 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\eRepublik.url
[2009/11/11 17:39:49 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Free Farm Game.url
[2009/11/11 17:23:09 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\CCleaner.lnk
[2009/11/10 21:54:24 | 00,030,692 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\Enchanted Island.url
[2009/11/10 21:52:25 | 00,000,531 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/10 21:11:48 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\Nicola\Desktop\RK Direct.url
[2009/11/10 20:20:50 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/10 20:14:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
[2009/10/18 12:10:52 | 00,035,168 | ---- | M] () -- C:\Documents and Settings\Nicola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/04/25 05:39:02 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Nicola\Application Data\desktop.ini
[2008/04/25 05:39:02 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< End of report >



These are the contents of extras.txt:

OTL Extras logfile created on: 12/10/2009 7:17:47 AM - Run 1
OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Nicola\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 676.06 Mb Available Physical Memory | 66.65% Memory free
1.19 Gb Paging File | 0.88 Gb Available in Paging File | 73.74% Paging File free
Paging file location(s): C:\pagefile.sys 300 300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.11 Gb Total Space | 0.34 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
Drive D: | 14.96 Gb Total Space | 13.99 Gb Free Space | 93.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLMINI
Current User Name: Nicola
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8080:TCP" = 8080:TCP:*:Enabled:RK_Tavern_TCP_8080
"8080:UDP" = 8080:UDP:*:Enabled:RK_Tavern_UDP_8080

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\jusched.exe" = C:\Program Files\Java\jre6\bin\jusched.exe:*:Disabled:jusched -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{5E11064C-41D6-4451-B45A-E36DFBCB84AC}" = Download Guard for Internet Explorer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B840FAB0-0E67-4DD9-A93C-A92BA7DF9625}" = Dell Box.net Launcher
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Download Guard for Internet Explorer" = Download Guard for Internet Explorer
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterCook Deluxe 9" = MasterCook Deluxe 9 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Dell Touchpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2009 1:21:05 AM | Computer Name = DELLMINI | Source = Userenv | ID = 1001
Description = Windows cannot load netapi32.dll. (The paging file is too small for
this operation to complete. ).

Error - 11/11/2009 1:21:16 AM | Computer Name = DELLMINI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/11/2009 1:21:33 AM | Computer Name = DELLMINI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/11/2009 1:21:41 AM | Computer Name = DELLMINI | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/11/2009 1:57:39 AM | Computer Name = DELLMINI | Source = Application Error | ID = 1000
Description = Faulting application downloadguard.exe, version 1.0.0.1, faulting
module unknown, version 0.0.0.0, fault address 0x00f02dd0.

Error - 11/11/2009 1:58:04 AM | Computer Name = DELLMINI | Source = Application Error | ID = 1000
Description = Faulting application downloadguard.exe, version 1.0.0.1, faulting
module unknown, version 0.0.0.0, fault address 0x00f02dd0.

Error - 11/12/2009 11:22:26 PM | Computer Name = DELLMINI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x013d5e98.

Error - 11/12/2009 11:48:53 PM | Computer Name = DELLMINI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 11/16/2009 11:26:51 PM | Computer Name = DELLMINI | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 11/17/2009 10:09:06 PM | Computer Name = DELLMINI | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
wikufalu.dll, version 0.0.0.0, fault address 0x000169c8.

[ System Events ]
Error - 12/6/2009 2:54:54 AM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/6/2009 12:43:03 PM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/6/2009 8:45:42 PM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/7/2009 11:26:57 AM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/7/2009 9:51:24 PM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/8/2009 11:28:06 AM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/8/2009 1:06:21 PM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/9/2009 11:05:20 AM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/9/2009 9:51:18 PM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3

Error - 12/10/2009 11:05:32 AM | Computer Name = DELLMINI | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%3


< End of report >



Thanks for looking at my issue. :(

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:26 PM

Posted 10 December 2009 - 10:53 AM

I don't see an Anti Virus Program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O9 - Extra Button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - Reg Error: Key error. File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (riwakabe.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\wikufalu.dll) - C:\WINDOWS\System32\wikufalu.dll File not found
    O21 - SSODL: fisojohov - {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - CLSID or File not found.
    O21 - SSODL: guvomegeg - {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - CLSID or File not found.
    O21 - SSODL: seyivijip - {06b66e62-1c26-4e3c-951e-151a86068871} - CLSID or File not found.
    O22 - SharedTaskScheduler: {06b66e62-1c26-4e3c-951e-151a86068871} - mujuzedij - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - kupuhivus - Reg Error: Key error. File not found
    [2009/11/16 19:25:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kalozevi
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • OTL results
  • New OTL log
Thanks

Edited by syler, 10 December 2009 - 12:43 PM.



#5 TCel

TCel
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:26 PM

Posted 10 December 2009 - 11:35 AM

Super Anti-Spyware should have been running, (it comes up on every boot-up), as well as MBAM!

#6 syler

Posted 10 December 2009 - 12:42 PM

Neither of them is an AntiVirus; they are AntiSpyware, and they also do not have real-time protection unless you have the paid versions.



#7 TCel

Posted 10 December 2009 - 07:14 PM

My SuperAntiSpyware is the paid version. I will re-install Avast!, even though it did not seem to do anything when I had it before.

#8 syler

Posted 10 December 2009 - 07:33 PM

It is essential to have an AntiVirus; they are different to AntiSpyware.



#9 TCel

Posted 11 December 2009 - 10:36 AM

Here is the log from the fix you posted:

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present> in the current context!
Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present> in the current context!
Error: Unable to interpret <O9 - Extra Button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (riwakabe.dll) - File not found> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (c:\windows\system32\wikufalu.dll) - C:\WINDOWS\System32\wikufalu.dll File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: fisojohov - {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O21 - SSODL: guvomegeg - {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O21 - SSODL: seyivijip - {06b66e62-1c26-4e3c-951e-151a86068871} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {06b66e62-1c26-4e3c-951e-151a86068871} - mujuzedij - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - gahurihor - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} - kupuhivus - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <[2009/11/16 19:25:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kalozevi> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nicola
->Temp folder emptied: 117396504 bytes
->Temporary Internet Files folder emptied: 169310517 bytes
->Java cache emptied: 4672658 bytes
->FireFox cache emptied: 48355938 bytes

User: Ventura
->Temp folder emptied: 588294 bytes
->Temporary Internet Files folder emptied: 78025 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 156177 bytes
Windows Temp folder emptied: 16472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59910 bytes
RecycleBin emptied: 597051 bytes

Total Files Cleaned = 325.49 mb


OTL by OldTimer - Version 3.1.14.0 log created on 12112009_071329

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



#10 syler

Posted 11 December 2009 - 11:35 AM

You did not copy the code correctly; you missed the : before OTL. Do it again, copying it correctly. I also need a new OTL log as well.



#11 TCel

Posted 14 December 2009 - 10:28 AM

Again, properly this time, I hope. :(

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E6EF5071-7647-4E85-9785-87B6CF5CB561}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6EF5071-7647-4E85-9785-87B6CF5CB561}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:riwakabe.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wikufalu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fisojohov deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62ae4edd-2e00-413a-8b88-a81fa8c1705e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\guvomegeg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799e3bdf-256c-4d8a-bc05-e24b3e6a66a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\seyivijip deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06b66e62-1c26-4e3c-951e-151a86068871}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{06b66e62-1c26-4e3c-951e-151a86068871} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06b66e62-1c26-4e3c-951e-151a86068871}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{62ae4edd-2e00-413a-8b88-a81fa8c1705e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62ae4edd-2e00-413a-8b88-a81fa8c1705e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{799e3bdf-256c-4d8a-bc05-e24b3e6a66a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799e3bdf-256c-4d8a-bc05-e24b3e6a66a0}\ not found.
C:\WINDOWS\system32\kalozevi moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nicola
->Temp folder emptied: 1063709 bytes
->Temporary Internet Files folder emptied: 113358068 bytes
->Java cache emptied: 276471 bytes
->FireFox cache emptied: 0 bytes

User: Ventura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 88 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 109.42 mb


OTL by OldTimer - Version 3.1.14.0 log created on 12142009_095849

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Both logs have today's date (otl.txt and extras.txt) so I attached them.

Attached Files
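
An added example (not part of the thread, and not OTL's own code): a short Python check that reads an OTL fix result log like the two posted above and reports script lines the tool rejected, including a section header that lost its leading colon. The line shapes and the directive names :OTL, :Reg and :Commands are taken from this thread; the function names are hypothetical, and the two sample logs are excerpts of the logs posted above.

```python
import re
from collections import Counter

# Section directives that appear in the fix script posted in this thread.
DIRECTIVES = ("OTL", "Reg", "Commands")

# Line shapes as they appear in the result logs in this thread (assumption:
# other OTL versions may word these differently).
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
SECTION = re.compile(r"^=+ (.+?) =+$")
OUTCOMES = (
    ("deleted successfully.", "deleted"),
    ("moved successfully.", "moved"),
    ("not found.", "not_found"),
)

# Excerpt of the first result log in this thread (header pasted as "OTL").
FAILED_LOG = r"""All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (riwakabe.dll) - File not found> in the current context!
Error: Unable to interpret <O21 - SSODL: fisojohov - {62ae4edd-2e00-413a-8b88-a81fa8c1705e} - CLSID or File not found.> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
========== COMMANDS ==========
"""

# Excerpt of the second result log in this thread (script pasted correctly).
APPLIED_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:riwakabe.dll deleted successfully.
C:\WINDOWS\system32\kalozevi moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe not found.
========== COMMANDS ==========
"""


def summarize_fix_log(text):
    """Classify each line of a fix result log."""
    sections, rejected = [], []
    outcomes = Counter()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = REJECTED.match(line)
        if match:
            # The tool echoed the script line back instead of acting on it.
            rejected.append(match.group(1))
            continue
        match = SECTION.match(line)
        if match:
            sections.append(match.group(1))
            continue
        for suffix, label in OUTCOMES:
            if line.endswith(suffix):
                outcomes[label] += 1
                break
    known = {name.lower() for name in DIRECTIVES}
    bare = [r for r in rejected if r.strip().lower() in known]
    return {
        "sections": sections,
        "rejected": rejected,
        "bare_directives": bare,
        "outcomes": dict(outcomes),
    }


def diagnose(summary):
    """Return human-readable problems; an empty list means every line was processed."""
    problems = []
    for name in summary["bare_directives"]:
        problems.append(f"section header '{name}' was pasted without its leading ':'")
    other = len(summary["rejected"]) - len(summary["bare_directives"])
    if other:
        problems.append(f"{other} script line(s) were rejected and not acted on")
    return problems


if __name__ == "__main__":
    for label, log in (("first run", FAILED_LOG), ("second run", APPLIED_LOG)):
        summary = summarize_fix_log(log)
        print(label, summary["sections"], summary["outcomes"])
        # "not found" on CLSID keys is informational here: the fix lines had
        # already listed those CLSIDs as missing.
        for problem in diagnose(summary) or ["no rejected lines"]:
            print("  -", problem)
```
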



#12 syler

Posted 14 December 2009 - 02:59 PM

You did the script correctly, but you have posted the same OTL logs as before. Please can you run OTL again and post the new log; it will only produce OTL.txt this time.

Thanks



#13 TCel

Posted 15 December 2009 - 01:40 AM

Ok. I ran it again. I deleted all the old logs, so this was what was recreated.

Attached Files

  • Attached File  OTL.Txt   59.93KB   2 downloads


#14 syler

Posted 15 December 2009 - 04:21 PM

Hi,

You have the latest Java, which is good, but you still have an older version installed. This can still be used to exploit your computer, so you should remove it. Please go to Add\Remove programs and uninstall the following:

Java™ 6 Update 5


Please run a BitDefender Online Scan

Note: Only works with Internet Explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on more details, then click the detected problems tab and click "click here to export the scan report".
  • Save the report to your desktop as results.txt and post it in your next reply.

Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • BitDefender report
  • New DDS log
Thanks



#15 syler

Posted 20 December 2009 - 12:32 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
