
DDS.scr error msg "This program cannot be run in DOS mode"


This topic is locked
10 replies to this topic

#1 noolypants

noolypants

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 24 December 2009 - 04:56 AM

Hello All

I've recently joined this forum in the hope that I can discover what is giving me grief on my Benq joybook A33. I cannot run cmd or regedit or a few other utilities, either by using the start > run or by start > all programs > accessories > command prompt or by going to c:/windows/system32 (even though the cmd.exe file is there and I can double click it). Every time I try I get this error message "Windows cannot find 'cmd'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search." to which I say "but the stupid file is right there. I can see it!" and then I get angry.

I ran a couple of whole-computer scans using AVG which came up with nothing. I then removed the hard drive, put it into an external hard drive case and USBed it to another computer and scanned it with Norton 360 v3, which found 1 virus and fixed it but gave me not much info as to what the virus was (a backdoor trojan, apparently), but after putting the HD back into the laptop I still have the same problem.

I've done a little interwebs research and found a few sites that suggest using HijackThis to create a log of something important I know very little about and post it on a forum somewhere, which I promptly did on this forum but later realised in my frustration I had jumped the gun (apologies) and not read the 'read this first' stuff. So I've just read the 'read this first' stuff and followed the instructions of downloading the dds.scr file to my desktop, but now, when I ran the dds.scr program, instead of a small black window providing information as to what DDS is doing on my computer, I see a Notepad window open up and the words 'This program cannot be run in DOS mode.' surrounded by a whole bunch of gobbledygook. I mean a whole bunch! I've attached the txt file for those interested. There was no attach.txt file either.

What is going on?

I decided to continue with the 'read this first' stuff and downloaded and ran RootRepeal.exe and it opened but with another error msg saying 'Error - invalid PE image found!'. I clicked OK and then ran the scan, which ran fine, but I now cannot attach the txt file because the dss.txt is too large so I'll attach it in another post.

Any kind of help will be much appreciated.

Attached Files

  • Attached File  dds.txt   512KB   18 downloads
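The text "This program cannot be run in DOS mode." that Notepad displayed is the DOS stub that every Windows PE executable carries in its first few hundred bytes; seeing it in a text editor means the .scr file was opened as text rather than executed, and the "gobbledygook" around it is the rest of the binary. RootRepeal's "Error - invalid PE image found!" is, by its wording, a separate complaint about a file whose PE header did not check out. The Python below is an added example, not code from this thread, from DDS or from RootRepeal: it walks the MZ header, the e_lfanew pointer and the PE signature the way such a header check does, and reports what is wrong when a file is truncated or is not an executable at all. The bytes it builds for the demo are a constructed minimal PE header, not DDS.scr.

```python
"""Validate a Win32 PE header and locate the DOS stub text.

Added example; the sample image built here is a constructed, non-runnable
PE-shaped blob used only to exercise the checks.
"""
import struct
import sys

DOS_STUB_TEXT = b"This program cannot be run in DOS mode"
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_MACHINE_I386 = 0x014C


def build_sample_pe() -> bytes:
    """Construct a tiny PE-shaped blob: DOS header, stub, PE signature,
    IMAGE_FILE_HEADER and an (all-zero) PE32 optional header."""
    e_lfanew = 0x80                       # offset of "PE\0\0"
    dos_header = bytearray(64)            # IMAGE_DOS_HEADER is 64 bytes
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, e_lfanew)
    # The stub is the 16-bit program old DOS would run; it only prints the message.
    stub = (DOS_STUB_TEXT + b".\r\n$").ljust(e_lfanew - 64, b"\x00")
    file_header = struct.pack(
        "<HHIIIHH",
        IMAGE_FILE_MACHINE_I386,          # Machine
        1,                                # NumberOfSections
        0, 0, 0,                          # TimeDateStamp, symbol table ptr/count
        224,                              # SizeOfOptionalHeader (PE32)
        IMAGE_FILE_EXECUTABLE_IMAGE | 0x0100,  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)  # Magic: PE32
    return bytes(dos_header) + stub + b"PE\0\0" + file_header + bytes(optional)


def inspect_pe(data: bytes) -> dict:
    """Follow IMAGE_DOS_HEADER -> e_lfanew -> IMAGE_NT_HEADERS and collect findings.

    'valid' is True only when every structural check passes; 'problems' lists
    the reasons otherwise, in the order the parser hit them."""
    result = {
        "has_mz": False, "has_dos_stub_text": False, "e_lfanew": None,
        "has_pe_signature": False, "machine": None, "characteristics": None,
        "problems": [], "valid": False,
    }
    if len(data) < 64 or data[:2] != b"MZ":
        result["problems"].append("missing MZ signature (not a DOS/PE image)")
        return result
    result["has_mz"] = True
    # A text editor shows exactly this string when an EXE is opened as text.
    result["has_dos_stub_text"] = DOS_STUB_TEXT in data[64:1024]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    result["e_lfanew"] = e_lfanew
    if e_lfanew + 24 > len(data):
        result["problems"].append("e_lfanew points past end of file (truncated or corrupt)")
        return result
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        result["problems"].append("no PE signature at e_lfanew (not a PE image)")
        return result
    result["has_pe_signature"] = True
    machine, _nsect, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    result["machine"] = machine
    result["characteristics"] = chars
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        result["problems"].append("IMAGE_FILE_EXECUTABLE_IMAGE not set in Characteristics")
    if e_lfanew + 24 + opt_size > len(data):
        result["problems"].append("optional header runs past end of file")
    result["valid"] = not result["problems"]
    return result


if __name__ == "__main__":
    # Usage: python pe_check.py [file]; with no argument the constructed sample is checked.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in inspect_pe(blob).items():
        print(f"{key}: {value}")
```

Run against a real executable it reports has_dos_stub_text as True and valid as True; against a text file or a download that was cut short it names the first structural check that failed, which is the distinction between "the file is fine but was opened with the wrong program" and "the file itself is damaged".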




#2 noolypants

noolypants
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 24 December 2009 - 05:00 AM

Right. So I cannot attach the Ark.txt so here it is:



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/24 12:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA863E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADCE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8193000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xBA5D6000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\SECURITY
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8873fc0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8870c80

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888b170

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8874580

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8888900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8888b10

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888cb10

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8874670

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8871210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888b9f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888b7a0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8888280

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888bf10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888bf90

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8871070

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888a180

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8889f40

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888c6f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888c150

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8873be0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888c540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8874190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8871440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa888b4e0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8889200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8889080

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8872e70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8872f20

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8872fe0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8871d60

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8873250

==EOF==
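Every SSDT and Shadow SSDT entry in the RootRepeal log above is hooked by the same module, C:\WINDOWS\System32\vsdatant.sys, which the OTL log later in this thread lists under Check Point Software Technologies LTD, the ZoneAlarm firewall driver (ZoneAlarm's vsmon.exe and zlclient.exe also appear in the process list). Hooks from an installed security product are expected; a hooking module that is absent from the driver inventory is what would need a closer look. The Python below is an added example, not part of the thread and not RootRepeal's or OTL's own code: it parses the two log formats and cross-references each hooking module against the OTL driver list. The excerpts it embeds are constructed from the formats seen on this page, and the second, unlisted module name is invented purely to show the unmatched case.

```python
"""Cross-reference RootRepeal SSDT hooks with OTL's driver inventory.

Added example. The two log excerpts below are constructed samples in the
formats posted in this thread; 'constructed_unlisted.sys' does not exist and
only exercises the 'hooking module not in inventory' path.
"""
import re

ROOTREPEAL_SAMPLE = r"""
SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8870c80

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8888900

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\constructed_unlisted.sys" at address 0xa8c00000

Shadow SSDT
-------------------
#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa8873250

==EOF==
"""

# One DRV line copied from the OTL log in this thread, plus one unrelated driver.
OTL_SAMPLE = r"""
========== Driver Services (SafeList) ==========

DRV - [2009/02/15 17:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/17 05:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
"""

HOOK_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)$")
STATUS_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')
# DRV - [date | size | attrs | M] (Company) [Type | Start | State] -- path -- (Service) ...
DRV_RE = re.compile(r"^DRV - \[[^\]]*\] \(([^)]*)\) \[[^\]]*\] -- (.+?) -- \(([^)]*)\)")


def parse_rootrepeal_hooks(text: str) -> list:
    """Return (table, index, function, module_path, address) for each hooked entry."""
    hooks, table, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("SSDT", "Shadow SSDT"):
            table = line                      # section header names the table
            continue
        m = HOOK_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            hooks.append((table, pending[0], pending[1], m.group(1), m.group(2)))
            pending = None
    return hooks


def parse_otl_drivers(text: str) -> dict:
    """Map lower-cased driver path -> (company or None, service name) from DRV lines."""
    drivers = {}
    for raw in text.splitlines():
        m = DRV_RE.match(raw.strip())
        if m:
            company, path, service = m.groups()
            drivers[path.lower()] = (company or None, service)
    return drivers


def summarize_hooks(rootrepeal_text: str, otl_text: str) -> dict:
    """Group hooks by hooking module and mark whether OTL knows the module.

    Paths are compared case-insensitively because RootRepeal prints System32
    while OTL prints system32 for the same file."""
    drivers = parse_otl_drivers(otl_text)
    summary = {}
    for table, idx, func, module, addr in parse_rootrepeal_hooks(rootrepeal_text):
        entry = summary.setdefault(module, {
            "company": None, "service": None, "listed_in_otl": False, "hooks": []})
        info = drivers.get(module.lower())
        if info:
            entry["company"], entry["service"] = info
            entry["listed_in_otl"] = True
        entry["hooks"].append(f"{table} #{idx:03d} {func} @ {addr}")
    return summary


if __name__ == "__main__":
    for module, entry in summarize_hooks(ROOTREPEAL_SAMPLE, OTL_SAMPLE).items():
        tag = f"listed ({entry['company']})" if entry["listed_in_otl"] else "NOT IN DRIVER LIST"
        print(f"{module}: {len(entry['hooks'])} hook(s), {tag}")
        for h in entry["hooks"]:
            print("   ", h)
```

On the full log from this thread every hook groups under vsdatant.sys with the Check Point company string, so nothing is flagged; the flagged line only appears for the constructed, unlisted module.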

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 24 December 2009 - 12:12 PM

Hi noolypants,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Note: Both the logs will be created on the desktop.


#4 noolypants

noolypants
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 24 December 2009 - 09:04 PM

Hi farbar

Thanks so very much for your assistance. I appreciate it.

I won't do anything to try and fix this problem until we are through.

Here are the 2 reports



OTL.Txt

OTL logfile created on: 25/12/2009 4:50:43 AM - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Documents and Settings\Craig Kirkwood\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.16 Gb Total Space | 6.37 Gb Free Space | 18.12% Space Free | Partition Type: NTFS
Drive D: | 18.78 Gb Total Space | 0.39 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENQ
Current User Name: Craig Kirkwood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/25 04:50:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig Kirkwood\Desktop\OTL.exe
PRC - [2009/12/18 08:00:46 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/13 13:20:55 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/06 10:13:02 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/15 10:13:34 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/15 10:13:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/15 10:13:16 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/29 04:30:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/02/15 17:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 17:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/01/06 05:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 05:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/12/12 03:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/17 11:50:14 | 00,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2008/11/07 06:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 11:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/05 12:16:40 | 00,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/07/08 16:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/20 02:19:55 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/05/17 08:05:52 | 02,297,856 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2005/08/24 07:51:12 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/08/24 07:50:30 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2005/08/24 07:47:18 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/08/09 10:17:28 | 14,743,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/07/08 06:05:26 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/06/08 14:02:28 | 00,229,376 | R--- | M] (CMOTECH) -- C:\Program Files\MiniMax\Bin\CMTNF5500U.exe
PRC - [2005/06/02 18:31:50 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/06/02 18:28:34 | 00,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/06/02 18:26:58 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2005/06/02 18:25:56 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/06/02 18:25:20 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/05/31 15:50:54 | 00,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005/05/31 15:50:16 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
PRC - [2005/05/31 15:46:16 | 00,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/03/08 01:40:08 | 00,151,552 | ---- | M] () -- C:\Program Files\BenQ\QMusic2\QMAgent.exe
PRC - [2004/11/03 06:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


========== Modules (SafeList) ==========

MOD - [2009/12/25 04:50:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig Kirkwood\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (COMSystemApp)
SRV - File not found [On_Demand | Stopped] -- -- (Adobe Version Cue CS2)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 10:13:20 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/15 10:13:16 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/04/29 04:30:04 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c86ae74bfc18) Google Update Service (gupdate1c9c86ae74bfc18)
SRV - [2009/04/29 03:52:03 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/15 17:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/01/06 05:06:24 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/12/12 03:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/01 03:01:02 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/27 08:58:12 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/07 06:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/16 11:22:20 | 00,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/07/30 11:53:08 | 00,587,776 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2008/04/14 03:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/01/13 10:08:57 | 00,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/06/30 07:38:40 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/06/02 18:28:34 | 00,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/06/02 18:25:56 | 00,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/06/02 18:25:20 | 00,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/05/31 15:50:16 | 00,098,304 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol)
SRV - [2005/04/03 17:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/15 10:13:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/15 10:13:33 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/22 15:38:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/15 06:32:58 | 00,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/02/15 17:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/16 19:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/11/07 06:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/04/17 05:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 21:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 21:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 21:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 21:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 21:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 19:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 13:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/08 04:38:48 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/01/22 23:16:48 | 00,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/01/18 09:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/08/29 09:31:01 | 00,020,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/03/27 09:53:28 | 00,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/08/24 08:20:08 | 01,052,732 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/08/09 11:43:46 | 03,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/08 05:52:12 | 00,190,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/03 00:03:54 | 00,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/04/30 09:01:56 | 03,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/03/22 14:45:28 | 00,062,080 | R--- | M] (CMOTech co., LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CMUSBSER.SYS -- (cmusbser)
DRV - [2005/03/17 03:51:16 | 01,033,600 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 03:50:36 | 00,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/03/17 03:50:32 | 00,705,280 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/04 06:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/08 03:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/10 01:30:56 | 00,212,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/08/12 01:44:04 | 00,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 23:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 23:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 01:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/26 06:22:00 | 00,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/17 06:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/02/05 02:33:00 | 00,339,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2003/12/06 04:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 07:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://WWW.BenQ.COM/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://WWW.BenQ.COM/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://WWW.BenQ.COM/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://WWW.BenQ.COM/

IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\S-1-5-21-3690683021-2697514074-1569847867-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\S-1-5-21-3690683021-2697514074-1569847867-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.usyd.edu.au;<local>;*.local
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\S-1-5-21-3690683021-2697514074-1569847867-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-cache5.usyd.edu.au:8085


IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://WWW.BenQ.COM/
IE - HKU\S-1-5-21-3690683021-2697514074-1569847867-500\S-1-5-21-3690683021-2697514074-1569847867-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://mail.live.com/default.aspx?wa=wsignin1.0"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 08:00:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 08:00:58 | 00,000,000 | ---D | M]

[2008/09/20 08:42:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Extensions
[2009/12/25 04:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\extensions
[2009/01/05 03:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\extensions\Access Privileges Test
[2009/11/06 16:32:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\extensions\firebug@software.joehewitt.com
[2009/12/19 13:24:26 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-1.xml
[2009/09/09 15:30:36 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-10.xml
[2008/11/19 08:23:14 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-2.xml
[2008/12/19 08:05:10 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-3.xml
[2009/02/05 09:24:51 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-4.xml
[2009/05/20 09:40:27 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-5.xml
[2009/06/20 08:29:10 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-6.xml
[2009/08/03 14:56:24 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-7.xml
[2009/08/07 10:02:11 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-8.xml
[2009/09/01 15:54:45 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin-9.xml
[2008/07/10 05:58:44 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Application Data\Mozilla\Firefox\Profiles\jz5wz4ge.default\searchplugins\icqplugin.xml
[2009/12/24 11:55:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/05 03:31:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2009/05/20 09:37:25 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/05/20 09:37:25 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/05/20 09:37:25 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/05/20 09:37:25 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (366461 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12612 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MiniMax] C:\Program Files\MiniMax\Bin\CMTNF5500U.exe (CMOTECH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QMusic2] C:\Program Files\BenQ\QMusic2\QMAgent.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3690683021-2697514074-1569847867-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3690683021-2697514074-1569847867-1004\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3690683021-2697514074-1569847867-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {642BF859-5616-4839-B474-658072B3FFC2} http://www.smartpctools.com/free_registry_.../RegScanner.ocx (Scanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O27 - HKLM IFEO\cmd.exe: Debugger - setuprs1.PIF File not found
O27 - HKLM IFEO\msconfig.exe: Debugger - 4812.PIF File not found
O27 - HKLM IFEO\regedit.exe: Debugger - setuprs1.PIF File not found
O27 - HKLM IFEO\regedt32.exe: Debugger - setuprs1.PIF File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/09 09:22:24 | 00,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\Shell - "" = AutoRun
O33 - MountPoints2\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\Shell\1\Command - "" = F:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\Shell\2\Command - "" = F:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10403407-8d7d-11dc-a8a9-0040d08ce767}\Shell - "" = AutoRun
O33 - MountPoints2\{10403407-8d7d-11dc-a8a9-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b84588b-0866-11db-93ca-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/03 17:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\Shell\AutoRun\command - "" = F:\DATA\SYSTEM\Xp.exe -- File not found
O33 - MountPoints2\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\Shell\open\command - "" = F:\DATA\SYSTEM\Xp.exe -- File not found
O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\Shell - "" = AutoRun
O33 - MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\Shell\Auto\command - "" = RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
O33 - MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\Shell\Browser\command - "" = RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
O33 - MountPoints2\{a23d6160-66da-11de-9e03-0040d08ce767}\Shell\AutoRun\command - "" = G:\C\Settings\cl.exe -- File not found
O33 - MountPoints2\{a23d6160-66da-11de-9e03-0040d08ce767}\Shell\open\command - "" = G:\C\Settings\cl.exe -- File not found
O33 - MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\Shell - "" = AutoRun
O33 - MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\Shell\1\Command - "" = G:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\Shell\2\Command - "" = G:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b92d4c21-d0e3-11db-a819-0040d08ce767}\Shell\AutoRun\command - "" = F:\Installer.exe -- File not found
O33 - MountPoints2\{b92d4c22-d0e3-11db-a819-0040d08ce767}\Shell\AutoRun\command - "" = launch.bat
O33 - MountPoints2\{beefaf31-07ef-11db-a7bc-0013ce8ff1f0}\Shell - "" = AutoRun
O33 - MountPoints2\{beefaf31-07ef-11db-a7bc-0013ce8ff1f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{beefaf31-07ef-11db-a7bc-0013ce8ff1f0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{beefaf32-07ef-11db-a7bc-0013ce8ff1f0}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{ede95252-17f1-11dd-a901-0040d08ce767}\Shell - "" = AutoRun
O33 - MountPoints2\{ede95252-17f1-11dd-a901-0040d08ce767}\Shell\1\Command - "" = G:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{ede95252-17f1-11dd-a901-0040d08ce767}\Shell\2\Command - "" = G:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{ede95252-17f1-11dd-a901-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\Shell\1\Command - "" = F:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\Shell\2\Command - "" = F:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/03 17:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/25 04:49:52 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Craig Kirkwood\Desktop\OTL.exe
[2009/12/24 12:25:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Craig Kirkwood\Desktop\RootRepeal.exe
[2009/12/19 13:10:03 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Craig Kirkwood\IETldCache
[2009/12/19 04:33:07 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/19 04:33:07 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/19 04:33:07 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/19 04:33:06 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/19 04:33:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/19 04:30:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/18 07:03:10 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/18 07:03:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/16 07:28:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/16 07:28:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/12/16 07:28:01 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/12/14 08:11:44 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/14 08:11:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/14 08:11:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/14 07:07:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig Kirkwood\Application Data\Uniblue
[2009/12/14 06:59:44 | 00,000,000 | ---D | C] -- C:\downloaded exes
[2009/12/13 10:53:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig Kirkwood\Desktop\dell stuff
[2009/12/13 10:49:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Craig Kirkwood\Desktop\Oils
[2009/05/22 15:36:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/22 15:36:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/22 15:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/22 15:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/04 04:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2009/05/04 01:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/29 04:36:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/31 04:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/17 09:06:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Macromedia
[7 C:\Documents and Settings\Craig Kirkwood\My Documents\*.tmp files -> C:\Documents and Settings\Craig Kirkwood\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/25 04:53:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/25 04:50:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Craig Kirkwood\Desktop\OTL.exe
[2009/12/25 04:31:42 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/25 04:31:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/25 04:30:55 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/25 04:30:44 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/25 04:30:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/25 04:30:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/25 04:30:21 | 21,385,54368 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/24 14:17:31 | 13,369,344 | -H-- | M] () -- C:\Documents and Settings\Craig Kirkwood\NTUSER.DAT
[2009/12/24 14:17:31 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Craig Kirkwood\ntuser.ini
[2009/12/24 13:43:59 | 00,083,456 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/24 12:25:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Desktop\settings.dat
[2009/12/24 12:25:32 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Craig Kirkwood\Desktop\RootRepeal.exe
[2009/12/24 12:21:43 | 00,524,285 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Desktop\dds.scr
[2009/12/20 07:32:31 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/19 15:20:45 | 04,254,256 | -H-- | M] () -- C:\Documents and Settings\Craig Kirkwood\Local Settings\Application Data\IconCache.db
[2009/12/19 13:13:11 | 46,792,930 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/19 13:13:11 | 00,127,237 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/19 04:33:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/18 07:51:22 | 00,366,461 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/18 07:03:18 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Craig Kirkwood\Desktop\Spybot - Search & Destroy.lnk
[2009/12/15 06:37:04 | 00,432,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/15 06:37:04 | 00,067,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/15 06:37:03 | 00,507,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/14 08:02:29 | 01,542,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/14 07:30:25 | 00,001,593 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[7 C:\Documents and Settings\Craig Kirkwood\My Documents\*.tmp files -> C:\Documents and Settings\Craig Kirkwood\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/24 12:25:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Craig Kirkwood\Desktop\settings.dat
[2009/12/24 11:49:58 | 00,524,285 | ---- | C] () -- C:\Documents and Settings\Craig Kirkwood\Desktop\dds.scr
[2009/12/18 09:13:11 | 21,385,54368 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/18 07:03:18 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Craig Kirkwood\Desktop\Spybot - Search & Destroy.lnk
[2009/12/14 07:28:44 | 00,001,593 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2009/06/29 09:10:22 | 00,001,582 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/02/21 03:34:48 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/08 12:32:36 | 00,339,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[2007/06/17 02:53:23 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/06/13 02:31:21 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2007/06/13 02:31:01 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/03/14 05:51:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/03/14 05:51:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/03/14 05:51:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/03/14 05:51:44 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/03/14 05:51:44 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/01/28 08:10:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\the.ini
[2006/09/25 18:22:45 | 00,139,264 | ---- | C] () -- C:\WINDOWS\PKillProcess.dll
[2006/09/24 13:51:36 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006/09/24 03:13:11 | 00,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2006/08/29 08:16:37 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/29 07:15:32 | 00,083,456 | ---- | C] () -- C:\Documents and Settings\Craig Kirkwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/30 07:20:15 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2006/05/03 09:44:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2005/09/13 20:22:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/13 18:56:23 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/11 04:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/04/02 14:01:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\HPB1320V.DLL
[2001/07/31 10:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 03:00:00 | 00,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
Extras.Txt

OTL Extras logfile created on: 25/12/2009 4:50:43 AM - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Documents and Settings\Craig Kirkwood\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.16 Gb Total Space | 6.37 Gb Free Space | 18.12% Space Free | Partition Type: NTFS
Drive D: | 18.78 Gb Total Space | 0.39 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BENQ
Current User Name: Craig Kirkwood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3690683021-2697514074-1569847867-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- File not found
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- File not found
"C:\Program Files\MiniMax\Bin\Maxon_MiniMax.exe" = C:\Program Files\MiniMax\Bin\Maxon_MiniMax.exe:*:Enabled:Maxon_MiniMax -- (CMOTech)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi Client -- File not found
"C:\WINDOWS\dllhost.exe" = C:\WINDOWS\dllhost.exe:*:Enabled:dllhost.exe -- File not found
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{27270D6C-6784-40C5-BBD3-F0230D25DEAA}" = Q-MediaBar
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5CB6B359-CF25-47BE-B332-D222038758A3}" = QMusic 2.6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{82A5D7F8-F16E-47A3-980E-0B83E3F454C3}" = iPodRip
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2FF776F-2160-4FFA-AC53-818FBEDC12B3}" = Adobe Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.3
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer Express
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D384EA61-887C-45A8-997B-9E9586437092}" = Maxon MiniMax Modem
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"Adobe_dd78348730168e091cb096fe182e420" = Adobe Creative Suite 3 Design Premium
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001" = HDAUDIO Soft Data Fax Modem with SmartCP
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DVD43_is1" = DVD43 v4.4.0
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Launchy_21344213_is1" = Launchy 2.1.2
"Mach5 Mailer 4" = Mach5 Mailer 4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"nbi-nb-base-6.5.0.0.200811100001" = NetBeans IDE 6.5
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ShockwaveFlash" = Macromedia Flash Player 8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.6.8
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/12/2009 3:57:17 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 4:08:19 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 4:56:37 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 5:11:51 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 5:56:36 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 6:11:51 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 6:56:14 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 7:11:50 AM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 9:31:26 PM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

Error - 24/12/2009 9:48:37 PM | Computer Name = BENQ | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 24/12/2009 4:26:23 AM | Computer Name = BENQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 24/12/2009 4:33:07 AM | Computer Name = BENQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 24/12/2009 4:33:07 AM | Computer Name = BENQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 24/12/2009 4:38:01 AM | Computer Name = BENQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 24/12/2009 4:38:01 AM | Computer Name = BENQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 24/12/2009 4:41:19 AM | Computer Name = BENQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 24/12/2009 4:41:19 AM | Computer Name = BENQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 24/12/2009 4:43:49 AM | Computer Name = BENQ | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 24/12/2009 4:43:49 AM | Computer Name = BENQ | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 24/12/2009 4:45:37 AM | Computer Name = BENQ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 0040D08CE767 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 25 December 2009 - 07:41 AM

Please don't use any removable drive on any computer at this stage. We need to disinfect them. Tell me if you have any removable drive (flash/pen drive, external hard drive, etc.)
  • Your version of ZoneAlarm Firewall comes with ZoneAlarm Spyblocker toolbar and this is not highly recommended. See here to find out why.

    I recommend that you uninstall the ZoneAlarm Spyblocker toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    ZoneAlarm Spyblocker

  • You have the latest version of Java (Java 6 Update 17), which is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 7

  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :Processes
      jqs.exe
      :otl
      O27 - HKLM IFEO\cmd.exe: Debugger - setuprs1.PIF File not found
      O27 - HKLM IFEO\msconfig.exe: Debugger - 4812.PIF File not found
      O27 - HKLM IFEO\regedit.exe: Debugger - setuprs1.PIF File not found
      O27 - HKLM IFEO\regedt32.exe: Debugger - setuprs1.PIF File not found
      O33 - MountPoints2\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\Shell - "" = AutoRun
      O33 - MountPoints2\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\Shell\AutoRun\command - "" = F:\DATA\SYSTEM\Xp.exe -- File not found
      O33 - MountPoints2\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\Shell\open\command - "" = F:\DATA\SYSTEM\Xp.exe -- File not found
      O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\Shell - "" = AutoRun
      O33 - MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\Shell\Auto\command - "" = RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
      O33 - MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\Shell - "" = AutoRun
      O33 - MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{b92d4c22-d0e3-11db-a819-0040d08ce767}\Shell\AutoRun\command - "" = launch.bat
      O33 - MountPoints2\{beefaf32-07ef-11db-a7bc-0013ce8ff1f0}\Shell\AutoRun\command - "" = G:\PortableRoboForm.exe -- File not found
      O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
      O33 - MountPoints2\{ede95252-17f1-11dd-a901-0040d08ce767}\Shell - "" = AutoRun
      O33 - MountPoints2\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\Shell - "" = AutoRun
      O32 - AutoRun File - [2008/09/09 09:22:24 | 00,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
      
      :files
      C:\Program Files\AskBarDis
      C:\RECYCLER
      c:\autorun.inf
      C:\Documents and Settings\Craig Kirkwood\My Documents\*.tmp
      C:\WINDOWS\System32\*.tmp
      C:\WINDOWS\*.tmp
    • Click Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it finishes, a log will open. Copy and paste the log into your reply.
  • Tell me if you can run cmd or regedit now.


#6 noolypants

noolypants
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 26 December 2009 - 04:31 AM

I've done all you have said and now I can run cmd and regedit! WOOT! I have to say, Farbar, you are a deadset legend! Thank you ever so muchly for your help.

I do have some flash drives and an external HD; however, the ext HD USB adaptor is now broken and I can only view what is on the HD by putting it into a PC, which I have done already so as to be able to scan it with Norton 360 v3. The Norton scan came up with nothing. I used my mum's spare computer to do the scan, and now I've moved on from my mum's place and no longer have access to it until a few days from now. Do I need to warn my mum of a possible virus infection? The BenQ HD, when scanned with Norton, came up with a trojan but the ext HD did not, so I assumed that it was clean. Perhaps I should not have been so trusting of Norton.

I had a quick look at the OTL report and I take it that 'Process jqs.exe killed successfully!' is a good thing? I also noticed MountPoints2 was mentioned a lot. What is MountPoints2?

Thanks again for your help.

Here is the OTL report


========== PROCESSES ==========
Process jqs.exe killed successfully!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ef2cf6c-2d67-11dc-a85f-0040d08ce767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\ not found.
File F:\DATA\SYSTEM\Xp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23cb8288-69e8-11de-9e06-0013ce8ff1f0}\ not found.
File F:\DATA\SYSTEM\Xp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427ca776-6aed-11dc-a88f-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666c4860-85a0-11dc-a8a3-0040d08ce767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666c4860-85a0-11dc-a8a3-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666c4860-85a0-11dc-a8a3-0040d08ce767}\ not found.
File C:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b23b5ee8-ebc4-11dc-a8d4-0040d08ce767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b92d4c22-d0e3-11db-a819-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b92d4c22-d0e3-11db-a819-0040d08ce767}\ not found.
File launch.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beefaf32-07ef-11db-a7bc-0013ce8ff1f0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beefaf32-07ef-11db-a7bc-0013ce8ff1f0}\ not found.
File G:\PortableRoboForm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bfea2675-8804-11dc-a8a6-0040d08ce767}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ede95252-17f1-11dd-a901-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ede95252-17f1-11dd-a901-0040d08ce767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f4fed3-8028-11dc-a89c-0040d08ce767}\ not found.
D:\AUTORUN.INF moved successfully.
========== FILES ==========
File\Folder C:\Program Files\AskBarDis not found.
C:\RECYCLER\S-1-5-21-3690683021-2697514074-1569847867-1004\Dc412 folder moved successfully.
C:\RECYCLER\S-1-5-21-3690683021-2697514074-1569847867-1004 folder moved successfully.
C:\RECYCLER\S-1-5-21-2538479605-1967814404-2390091969-500 folder moved successfully.
C:\RECYCLER\S-1-5-21-2531612070-620652765-1085322366-500 folder moved successfully.
C:\RECYCLER\S-1-5-21-220523388-926492609-839522115-500 folder moved successfully.
C:\RECYCLER\S-1-5-21-1295604502-3063975197-1835342100-500 folder moved successfully.
C:\RECYCLER folder moved successfully.
File\Folder c:\autorun.inf not found.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL0004.tmp moved successfully.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL0119.tmp moved successfully.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL1160.tmp moved successfully.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL1570.tmp moved successfully.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL2215.tmp moved successfully.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL2422.tmp moved successfully.
C:\Documents and Settings\Craig Kirkwood\My Documents\~WRL3651.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\002891_.tmp moved successfully.

OTL by OldTimer - Version 3.1.20.0 log created on 12262009_120757

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:02 PM

Posted 26 December 2009 - 06:55 AM

About the external HD the only precaution you should take is to let your mum run Flash_Disinfector while the external drive is attached.

I had a quick look at the OTL report and i take it that 'Process jqs.exe killed successfully!' is a good thing? I also noticed MountPoints2 was mentioned a lot. What is MountPoints2?

jqs.exe is Java's quick start service and is legit. I put that before other commands because some people may not take : before otl.

The MountPoints2 entries are registry entries on your computer pointing at files on removable devices.

Your computer is infected with a flash drive infection. This type of infection usually gets carried over through removable storage devices (flash drive/ USB drive/ thumb drive/ iPod/ memory stick/ memory card/ photo camera memory card/ external hard drive, etc.) and networks. Please make sure you have your removable devices ready to disinfect. Don't connect them yet.

Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

Note: It is important to have the AutoPlay feature turned off and not to open thumb drives by double-clicking. Instead, right-click the drive and select Explore.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Turn off the auto-protect or resident shield of your antivirus.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning which takes only a few seconds and then exit the program.
    • Reboot your computer when done.
    Note 1: Please temporarily disable your anti-virus program before downloading this tool, as it can be falsely flagged as malware: How to disable anti-virus programs
    Note 2: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder. It will help protect your drives from future infection.


  • This is a small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.

      Note: Please don't use the registry cleaner of CCleaner or any other registry cleaner unless you know what you are doing.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
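A read-only check that follows from the notes above on MountPoints2 and the protective autorun.inf folder, added here as an example; it is not part of the thread and not one of Farbar's tools. It assumes the standard MountPoints2 key under HKCU and the NoDriveTypeAutoRun policy value, and is meant to be run on the affected machine from an elevated PowerShell prompt.

```powershell
# Added example, not a tool from the thread: read-only audit of MountPoints2 and
# autorun.inf state. Assumes the standard HKCU MountPoints2 location.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPoints2AutoRun {
    # Each subkey is a drive letter or volume GUID. A flash-drive worm typically
    # adds Shell\AutoRun\command (and often Shell\Open or Shell\Explore) so that
    # Explorer launches its payload when the drive is double-clicked.
    Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($verb in 'AutoRun', 'Open', 'Explore') {
            $cmdKey = Join-Path $_.PSPath "Shell\$verb\command"
            if (Test-Path $cmdKey) {
                [pscustomobject]@{
                    Volume  = $_.PSChildName
                    Verb    = $verb
                    Command = (Get-ItemProperty -Path $cmdKey).'(default)'
                }
            }
        }
    }
}

function Get-AutorunInfState {
    # Distinguish a protective autorun.inf *folder* (what Flash_Disinfector
    # leaves behind) from an autorun.inf *file* (what an infected drive carries).
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $item = Get-Item -LiteralPath (Join-Path $_.Root 'autorun.inf') -Force `
                         -ErrorAction SilentlyContinue
        $state = if (-not $item) { 'absent' }
                 elseif ($item.PSIsContainer) { 'protective folder' }
                 else { 'FILE - inspect before opening the drive' }
        [pscustomobject]@{ Drive = $_.Root; AutorunInf = $state }
    }
}

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types with AutoRun disabled;
    # 0xFF (255) turns it off for every drive type.
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        [pscustomobject]@{ Hive = $hive; NoDriveTypeAutoRun = $val; AllDisabled = ($val -eq 255) }
    }
}

Get-MountPoints2AutoRun | Format-Table -AutoSize
Get-AutorunInfState     | Format-Table -AutoSize
Get-AutoRunPolicy       | Format-Table -AutoSize
```

Any MountPoints2 entry with a Shell command, or any drive root holding an autorun.inf file rather than a folder, is what the Flash_Disinfector step above is meant to clean up; the script only reports and changes nothing.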


#8 noolypants

noolypants
  • Topic Starter

  • Members
  • 7 posts

Posted 29 December 2009 - 09:19 PM

Hey farbar

That's all the steps complete



Here's the log


Malwarebytes' Anti-Malware 1.42
Database version: 3453
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/12/2009 4:40:38 AM
mbam-log-2009-12-30 (04-40-38).txt

Scan type: Quick Scan
Objects scanned: 120325
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Craig Kirkwood\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 December 2009 - 03:51 AM

It looks good. :(

Please run OTL.
  • Click Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTL, and will require a reboot.
Happy Computing noolypants. :(

#10 noolypants

noolypants
  • Topic Starter

  • Members
  • 7 posts

Posted 30 December 2009 - 06:29 PM

:) :( :) you're a :( :) and I will :) you.


Thank you

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 31 December 2009 - 01:30 AM

You are most welcome noolypants. :( :) :(

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



