PC Running very slow!! liouqi.exe


This topic is locked
71 replies to this topic

#1 BarryClifford

  • Members
  • 86 posts
  • OFFLINE
  • Local time: 01:21 PM

Posted 02 February 2010 - 08:10 AM

Hi, I have been told to start a new thread about my second PC's problems! It's quite old but a workhorse! Infected by the other PC we've been trying to fix, but to be fair it's never run very well; I think lots of adware, spyware etc. The problem is liouqi.exe in Task Manager is running CPU too high to allow much to be done on it! OK, so I have included an OTL scan report. I know I shouldn't have, but I did try to take out liouqi.exe in OTL in Run Fixes but it didn't work! Sorry, I am a little impatient; both of my PCs have been out of service for some time now! Baz

OTL logfile created on: 01/02/2010 16:47:58 - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\barry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 190.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 0.38 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 7.14 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAZO
Current User Name: barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/01 16:47:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barry\Desktop\OTL.exe
PRC - [2010/01/20 12:21:23 | 000,073,728 | RHS- | M] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/01 12:06:14 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/01 13:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 00:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007/09/20 09:51:46 | 000,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2003/10/06 13:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2002/12/11 19:03:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
PRC - [2002/07/01 20:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/01 16:47:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barry\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 17:57:00 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 12:06:14 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/01 13:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/20 09:51:46 | 000,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/29 00:40:20 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/10/06 13:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2002/12/11 19:03:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4)
SRV - [2002/07/01 20:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)
SRV - [2000/08/06 00:50:20 | 007,442,493 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2000/08/06 00:50:18 | 000,303,170 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)


========== Driver Services (SafeList) ==========

DRV - [2009/01/07 01:16:29 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/15 02:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/05/02 18:23:34 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/02/22 15:17:02 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Ultra.dll -- (ultra)
DRV - [2006/02/20 00:52:32 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2005/10/17 19:05:40 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2005/09/07 12:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 12:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/09/13 03:11:30 | 000,049,611 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MaRdP2K.sys -- (MaRdPnp)
DRV - [2004/09/01 11:59:48 | 000,055,890 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8630U.sys -- (MA8630U)
DRV - [2004/09/01 09:56:24 | 000,024,404 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8630M.sys -- (MA8630M)
DRV - [2004/08/30 11:26:22 | 000,022,992 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8630C.sys -- (MA8630C)
DRV - [2004/08/23 07:40:04 | 000,011,089 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2004/01/28 07:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/28 07:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2003/12/01 02:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/08/20 10:51:10 | 000,635,012 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf2.sys -- (sonypvf2)
DRV - [2003/08/20 10:44:26 | 000,431,236 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt2.sys -- (sonypvt2)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/25 15:02:40 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl2.sys -- (sonypvl2)
DRV - [2003/07/11 14:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/06/24 10:29:34 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)
DRV - [2002/06/06 17:10:02 | 000,380,288 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis7018.sys -- (SiS7018) Service for SiS7018 Driver (WDM)
DRV - [2001/09/10 08:00:00 | 000,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)
DRV - [2001/08/23 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\S-1-5-21-861567501-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-746137067-854245398-1003\S-1-5-21-861567501-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/12/31 01:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/31 01:06:18 | 000,000,000 | ---D | M]

[2007/11/21 22:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions
[2007/08/08 00:27:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/08/20 12:27:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/07 00:38:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/12 00:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/08/12 00:10:55 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/08/12 00:10:55 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/08/12 00:10:55 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/08/12 00:11:00 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/08/12 00:11:00 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/01/08 00:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2006/11/09 15:20:00 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2008/11/14 01:08:00 | 000,113,575 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 80.80.15.166
O1 - Hosts: 127.0.0.1 a1708.g.akamai.net
O1 - Hosts: 127.0.0.1 ad.asv.de
O1 - Hosts: 127.0.0.1 ad.ca.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.dk.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.es.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.fr.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.free6.com
O1 - Hosts: 127.0.0.1 ad.it.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.iwin.com
O1 - Hosts: 127.0.0.1 ad.jp.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.kr.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.linkexchange.com
O1 - Hosts: 127.0.0.1 ad.linksynergy.com
O1 - Hosts: 127.0.0.1 ad.nl.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.no.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.preferences.com
O1 - Hosts: 127.0.0.1 ad.se.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.sma.punto.net
O1 - Hosts: 127.0.0.1 ad.trafficmp.com
O1 - Hosts: 127.0.0.1 ad.uk.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.webprovider.com
O1 - Hosts: 3141 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-861567501-746137067-854245398-1003\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-746137067-854245398-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-861567501-746137067-854245398-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-746137067-854245398-1003..\Run: [liouqi] C:\Documents and Settings\barry\liouqi.exe (RReGFmyh)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-861567501-746137067-854245398-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Save Flash - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Web Rebates. - C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Common\yhexbmesuk.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Common\yhexbmesuk.dll (Yahoo! Inc.)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-861567501-746137067-854245398-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-861567501-746137067-854245398-1003\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8174.6097685185 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/26 18:22:26 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/26 18:22:26 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/07/06 21:10:21 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "BITS"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe - (Nikon Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^barry^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^barry^Start Menu^Programs^Startup^Slide.exe.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: AVG7_CC - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Babylon Client - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BitComet - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: BlockAds - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: eBayToolbar - hkey= - key= - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay)
MsConfig - StartUpReg: EPSON Stylus Photo 1400 Series - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus Photo R200 Series - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: liouqi - hkey= - key= - C:\Documents and Settings\barry\liouqi.exe (RReGFmyh)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MySpaceIM - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: Pop-Up-Blocker - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PowerStrip - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - G:\QTTask.exe File not found
MsConfig - StartUpReg: SetIcon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Shareaza - hkey= - key= - C:\CreativesFiles\Shareaza.exe (Shareaza Development Team)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: webrebates - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {92A71276-D095-DCF5-CB08-F38122EF81A9} - Q867801
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2085/12/22 18:42:24 | 000,294,912 | ---- | C] (Ahead Software AG) -- C:\shortcut.dll
[2010/02/01 16:47:00 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\barry\Desktop\OTL.exe
[2010/01/27 09:25:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/27 09:25:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 09:24:36 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\Desktop\mbam-setup.exe
[2010/01/26 18:22:26 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/01/20 12:21:23 | 000,073,728 | RHS- | C] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.scr
[2010/01/20 12:21:23 | 000,073,728 | RHS- | C] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.exe
[2010/01/13 03:13:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/13 02:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barry\Application Data\Malwarebytes
[2010/01/13 02:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 02:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/01/13 01:46:15 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\My Documents\zztoy.exe
[2010/01/12 19:37:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\barry\Recent
[2010/01/12 18:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
[2010/01/11 15:53:31 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\barry\Desktop\RootRepeal.exe
[2009/07/06 11:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/06 11:34:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/06 11:34:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/08 08:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/01/07 01:16:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\barry\Application Data\pcouffin.sys
[2008/03/31 04:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2008/03/31 04:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/12/31 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/05 05:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2085/12/22 18:42:24 | 000,294,912 | ---- | M] (Ahead Software AG) -- C:\shortcut.dll
[2010/02/01 16:58:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{829745A4-D126-42D5-99EF-CE92F2849791}.job
[2010/02/01 16:47:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barry\Desktop\OTL.exe
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Video .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Pictures .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Passwords .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\New Folder .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Music .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Documents .lnk
[2010/01/30 11:10:12 | 000,000,125 | RHS- | M] () -- C:\Documents and Settings\barry\autorun.inf
[2010/01/29 17:12:58 | 000,001,063 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/29 17:12:58 | 000,000,301 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/01/29 17:12:58 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/01/29 17:09:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 17:06:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/29 17:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/29 17:06:27 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/28 19:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/27 17:12:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\hf7x4ro9.exe
[2010/01/27 09:28:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\kd3164i8.exe
[2010/01/27 09:25:42 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 09:24:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\Desktop\mbam-setup.exe
[2010/01/27 09:20:03 | 000,349,152 | ---- | M] () -- C:\Documents and Settings\barry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/27 09:17:54 | 000,884,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/27 09:16:31 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\barry\ntuser.dat
[2010/01/27 09:16:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\barry\ntuser.ini
[2010/01/26 18:23:52 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\Flash_Disinfector.exe
[2010/01/26 14:46:00 | 000,010,841 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2010/01/26 14:46:00 | 000,000,217 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2010/01/26 14:34:18 | 000,096,420 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\Kevin & Perry pics.jpg
[2010/01/25 01:58:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/01/20 12:21:23 | 000,073,728 | RHS- | M] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.scr
[2010/01/20 12:21:23 | 000,073,728 | RHS- | M] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.exe
[2010/01/14 03:11:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 15:59:07 | 000,442,486 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\0007.jpg
[2010/01/13 12:14:15 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\barry\default.pls
[2010/01/13 12:13:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/13 01:46:20 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\My Documents\zztoy.exe
[2010/01/12 18:52:37 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\SUPERAntiSpyware.exe
[2010/01/12 11:26:43 | 000,547,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/12 11:26:43 | 000,459,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/12 11:26:43 | 000,078,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/12 02:13:48 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 15:53:33 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\barry\Desktop\RootRepeal.exe
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Video .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Pictures .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Passwords .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\New Folder .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Music .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Documents .lnk
[2010/01/30 11:10:12 | 000,000,125 | RHS- | C] () -- C:\Documents and Settings\barry\autorun.inf
[2010/01/27 17:11:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\hf7x4ro9.exe
[2010/01/27 09:28:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\kd3164i8.exe
[2010/01/27 09:25:42 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 18:23:51 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Flash_Disinfector.exe
[2010/01/26 14:34:48 | 000,096,420 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Kevin & Perry pics.jpg
[2010/01/14 03:11:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 16:00:03 | 000,442,486 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\0007.jpg
[2010/01/12 18:52:37 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\SUPERAntiSpyware.exe
[2010/01/12 14:45:13 | 000,009,221 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remix Land 2009 cd2.ncd
[2010/01/12 14:44:58 | 002,574,019 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DSC_0320.JPG
[2010/01/12 14:44:58 | 002,452,326 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DSC_0359.JPG
[2010/01/12 14:44:58 | 002,039,207 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV Dance 04 cover.psd
[2010/01/12 14:44:58 | 000,826,102 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV - DANCE 07.jpg
[2010/01/12 14:44:58 | 000,310,145 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\BNO cd1.jpg
[2010/01/12 14:44:58 | 000,297,441 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV - DANCE 04.jpg
[2010/01/12 14:44:58 | 000,296,203 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\BNO cd3.jpg
[2010/01/12 14:44:58 | 000,260,932 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV - DANCE 11.jpg
[2010/01/12 14:44:58 | 000,249,741 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\BNO cd2.jpg
[2010/01/12 14:44:58 | 000,237,971 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remix Heavan 2009 CD2_edited-1.jpg
[2010/01/12 14:44:58 | 000,198,224 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\M of S Annual 2010.jpg
[2010/01/12 14:44:58 | 000,104,226 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV AUG22-09.ncd
[2010/01/12 14:44:58 | 000,080,655 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV JULY-09.ncd
[2010/01/12 14:44:58 | 000,080,499 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV MAY-09.ncd
[2010/01/12 14:44:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV SEPT12-09.ncd
[2010/01/12 14:44:58 | 000,009,716 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Best of Mash Up Mix CD2.ncd
[2010/01/12 14:44:58 | 000,009,281 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remix Land 2009 cd1.ncd
[2010/01/12 14:44:58 | 000,008,749 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\CD July20-09.ncd
[2010/01/12 14:44:58 | 000,008,713 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Best of Top 40 Nov 2009.ncd
[2010/01/12 14:44:58 | 000,008,168 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV NOV-09.ncd
[2010/01/12 14:44:58 | 000,007,091 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV Nov30-09.ncd
[2010/01/12 13:11:23 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Reference letter - miles.doc
[2010/01/12 13:11:23 | 000,090,989 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Reference form - miles.doc
[2010/01/12 13:11:23 | 000,009,499 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Top 20 Hits July 2009.ncd
[2010/01/12 13:11:23 | 000,008,030 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Tamla Motown Classics1.ncd
[2010/01/12 13:11:23 | 000,001,488 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remixed Land Non-stop 1 Track CD 2009.rtf
[2009/01/07 01:16:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\pcouffin.log
[2009/01/07 01:16:25 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\ezpinst.exe
[2009/01/07 01:16:25 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\pcouffin.cat
[2009/01/07 01:16:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\pcouffin.inf
[2008/12/31 01:06:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/12/31 01:05:59 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/31 01:05:58 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/31 01:05:57 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/31 01:05:57 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/03 07:22:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2008/08/12 19:22:36 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/03/17 15:58:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\barry\Local Settings\Application Data\fusioncache.dat
[2008/03/03 12:47:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/12/13 10:25:05 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/12/03 19:36:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE ESP1400Euro.ini
[2007/09/27 01:38:00 | 000,890,953 | ---- | C] () -- C:\WINDOWS\Txtis.ini
[2007/08/08 23:41:52 | 000,223,305 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/08/08 23:41:38 | 000,890,953 | ---- | C] () -- C:\WINDOWS\HSC_sq4.ini
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/11 19:33:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ACBB732420.sys
[2006/10/18 23:56:50 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\202473BBAC.sys
[2006/10/18 23:56:48 | 000,009,394 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/20 22:15:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLea.DAT
[2006/08/09 23:19:16 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2006/08/08 01:14:23 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv300053706p4now.sys
[2006/03/09 23:21:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/03/09 02:38:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/22 15:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2005/10/18 21:24:31 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2005/10/17 19:57:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/10/17 19:55:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER220.ini
[2005/10/17 19:05:40 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2005/08/12 21:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/06 02:20:25 | 000,043,008 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2005/05/30 13:25:45 | 000,000,128 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2005/03/06 21:14:10 | 000,001,556 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/01/23 21:53:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2005/01/07 15:14:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2004/12/28 19:07:49 | 000,019,042 | -H-- | C] () -- C:\Program Files\aviedit.GID
[2004/12/28 19:04:33 | 000,657,408 | ---- | C] () -- C:\Program Files\outputBM.avi
[2004/12/06 02:29:03 | 000,000,640 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2004/11/02 10:40:22 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/11/02 10:40:22 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/11/02 10:24:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/10/27 23:44:53 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2004/10/27 23:44:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/10/20 22:14:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/11 13:49:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/08/11 17:07:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CDHGFFHN.ini
[2004/07/31 20:28:19 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2004/07/16 20:07:46 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/14 21:12:25 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/14 00:02:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\serials.INI
[2004/07/10 23:27:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/10 13:03:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/08 00:49:13 | 000,053,303 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/20 12:52:52 | 000,000,612 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini
[2003/10/31 09:49:18 | 000,000,233 | ---- | C] () -- C:\WINDOWS\Swap008F.ini
[2003/10/31 09:48:04 | 000,000,233 | ---- | C] () -- C:\WINDOWS\Swap008E.ini
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/30 22:38:19 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2003/08/07 19:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2000/09/12 11:12:00 | 000,000,197 | -H-- | C] () -- C:\WINDOWS\System32\win709a.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/10/19 19:33:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/13 09:59:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/19 19:33:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/10/13 09:59:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/07/31 22:25:36 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/19 19:33:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/13 09:59:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/07/31 22:25:36 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/10/19 19:33:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/10/13 09:59:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/01/08 07:20:25 | 008,132,355 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2004/01/08 07:20:25 | 008,132,355 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2001/05/04 19:05:02 | 000,085,264 | ---- | M] (Microsoft Corporation) MD5=7E91972F4CF3EA0B0C804F005BF42C7A -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2001/05/04 19:05:02 | 000,085,264 | ---- | M] (Microsoft Corporation) MD5=7E91972F4CF3EA0B0C804F005BF42C7A -- C:\WINNT\system32\drivers\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[1999/12/06 21:00:00 | 000,084,976 | ---- | M] (Microsoft Corporation) MD5=F4D5D4CC7B704608FC686D248981F461 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/03/24 02:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\WINNT\system32\dllcache\EVENTLOG.DLL
[2004/03/24 02:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\WINNT\system32\EVENTLOG.DLL
[1999/12/06 21:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) MD5=E3B0DABC518C3744DF00B12899D60805 -- C:\WINNT\$NtUninstallKB835732$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2001/05/04 19:05:02 | 000,366,352 | ---- | M] (Microsoft Corporation) MD5=00DD48E937136AE9D5195441632F3CEC -- C:\WINNT\$NtUninstallSP2SRP1$\netlogon.dll
[2001/05/04 19:05:02 | 000,366,352 | ---- | M] (Microsoft Corporation) MD5=00DD48E937136AE9D5195441632F3CEC -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/03/24 02:17:01 | 000,371,472 | ---- | M] (Microsoft Corporation) MD5=21537BC1F1AB7667A3828B2344E6D4BA -- C:\WINNT\system32\dllcache\NETLOGON.DLL
[2004/03/24 02:17:01 | 000,371,472 | ---- | M] (Microsoft Corporation) MD5=21537BC1F1AB7667A3828B2344E6D4BA -- C:\WINNT\system32\NETLOGON.DLL
[2001/10/30 12:57:00 | 000,369,936 | ---- | M] (Microsoft Corporation) MD5=2AF99428CC30FCD7B8201E837C35EAFB -- C:\WINNT\$NtUninstallKB835732$\netlogon.dll
[1999/12/06 21:00:00 | 000,356,112 | ---- | M] (Microsoft Corporation) MD5=2C2BEF8554A1F3C950E063ABFE286192 -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 07:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/03/24 02:17:01 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=0B476C9305098B37BE70F0AC29E671E5 -- C:\WINNT\system32\dllcache\scecli.dll
[2004/03/24 02:17:01 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=0B476C9305098B37BE70F0AC29E671E5 -- C:\WINNT\system32\scecli.dll
[2004/08/04 07:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2001/05/04 19:05:02 | 000,107,792 | ---- | M] (Microsoft Corporation) MD5=1B93D2A8B21FF55CEB0B7670B6A32A61 -- C:\WINNT\$NtUninstallSP2SRP1$\scecli.dll
[2001/05/04 19:05:02 | 000,107,792 | ---- | M] (Microsoft Corporation) MD5=1B93D2A8B21FF55CEB0B7670B6A32A61 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[1999/12/06 21:00:00 | 000,107,792 | ---- | M] (Microsoft Corporation) MD5=5D4EFA4B12CBF2F00A06F0C9A720BDAF -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2001/10/30 12:57:00 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=8F874F7BDC756C0F8237D243BC3E98C4 -- C:\WINNT\$NtUninstallKB835732$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4B7BEAFF
< End of report >




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:21 PM

Posted 05 February 2010 - 09:52 AM

Hi,

Please download and run Flash_Disinfector with all flash drives you own connected to the PC:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Please run the following fix:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O4 - HKU\S-1-5-21-861567501-746137067-854245398-1003..\Run: [liouqi] C:\Documents and Settings\barry\liouqi.exe (RReGFmyh)
    [2010/01/26 18:22:26 | 000,000,000 | RHSD | C] -- C:\autorun.inf
    [2010/01/20 12:21:23 | 000,073,728 | RHS- | C] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.scr
    [2010/01/20 12:21:23 | 000,073,728 | RHS- | C] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.exe
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



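The fix above removes a Run value that launches an executable from the user's profile, two files carrying the hidden and system attributes, and an autorun.inf folder at the drive root. The following script is an added example, not code from this thread, from OTL or from BleepingComputer: it parses the two OTL line shapes quoted in the fix (an O4 Run entry and a timestamped file/folder line) and flags exactly those three indicators, so a reader can see why those lines stood out in a long log. The sample input is constructed from the lines in the post plus one clean driver line from the MD5 section; the profile roots and the flagging rules are assumptions of this example, not OTL's own logic.

```python
"""Flag the indicators that the OTL fix above acted on (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the lines listed in the fix, a benign HKLM Run entry
# and a clean signed driver line, all copied from the thread's own logs.
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-746137067-854245398-1003..\Run: [liouqi] C:\Documents and Settings\barry\liouqi.exe (RReGFmyh)
[2010/01/26 18:22:26 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/01/20 12:21:23 | 000,073,728 | RHS- | C] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.scr
[2010/01/20 12:21:23 | 000,073,728 | RHS- | C] (RReGFmyh) -- C:\Documents and Settings\barry\liouqi.exe
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
"""

# "O4 - <hive>..\Run: [<value name>] <path> (<company>)"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# "[<date time> | <size> | <attrs> | <C|M>] (<company>) MD5=<hash> -- <path>"
# attrs: R=read-only, H=hidden, S=system, D=directory, '-' when not set.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)

# Assumption: autostart targets under these roots deserve a look; real
# applications install to Program Files or the Windows directory.
USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")
AUTORUN_ROOT = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    reasons: Tuple[str, ...]


def _under_user_profile(path: str) -> bool:
    return path.lower().startswith(USER_PROFILE_ROOTS)


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if nothing stands out."""
    m = RUN_LINE.match(line)
    if m:
        path = m.group("path")
        if _under_user_profile(path):
            return Finding(path, ("Run entry launches a file from a user profile",))
        return None
    m = FILE_LINE.match(line)
    if m:
        path, attrs = m.group("path"), m.group("attrs")
        reasons = []
        if "H" in attrs and "S" in attrs:
            reasons.append("hidden+system attributes")
        if AUTORUN_ROOT.match(path):
            reasons.append("autorun.inf at a drive root")
        return Finding(path, tuple(reasons)) if reasons else None
    return None  # unrecognised line shape: ignored


def scan(text: str) -> List[Finding]:
    """Run check_line over every line of an OTL log excerpt."""
    results = []
    for line in text.splitlines():
        finding = check_line(line.strip())
        if finding:
            results.append(finding)
    return results


if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"{f.path}\n    {'; '.join(f.reasons)}")
```

Run on the sample it reports four lines: the liouqi Run entry, the autorun.inf folder (two reasons) and both hidden+system liouqi files, and stays silent on the MSConfig entry and the signed Microsoft driver. Unmatched line shapes (the `.cab` entries, O1 Hosts lines) are skipped rather than guessed at, which is the safe default for a log triage helper.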

#3 BarryClifford

BarryClifford
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 05 February 2010 - 05:39 PM

Hi, thank you for your help, it is much appreciated! As requested, find the two logs. As I am here, can I ask, do we need to do anything about the Hosts at the beginning of the OTL scan log, aren't they helping to slow the PC down also? And also, just before I go, on the
other PC (the Vaio downstairs) should I do another scan with OTL or wait for someone to get back to me? As the internet still is not working and the Task Manager has changed (i.e. no Processes, Performance tabs at the top of the box etc). Cheers, Baz.
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-861567501-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Run\\liouqi not found.
C:\Documents and Settings\barry\liouqi.exe moved successfully.
C:\autorun.inf folder moved successfully.
C:\Documents and Settings\barry\liouqi.scr moved successfully.
File C:\Documents and Settings\barry\liouqi.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: All Users.WINDOWS

User: All Users.WINNT

User: Application Data

User: barry
->Temp folder emptied: 3853588 bytes
->Temporary Internet Files folder emptied: 68629796 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3411381 bytes

User: Baz Clifford
->Temp folder emptied: 448 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINNT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 426140 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1740880 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 20550 bytes
%systemroot%\System32 .tmp files removed: 3295744 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12981728 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.1.27.1 log created on 02052010_220408

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 05/02/2010 22:18:01 - Run 3
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\barry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 269.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 0.46 Gb Free Space | 1.24% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 7.14 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 45.69 Mb Total Space | 43.85 Mb Free Space | 95.97% Space Free | Partition Type: FAT
Drive G: | 465.65 Gb Total Space | 51.94 Gb Free Space | 11.16% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAZO
Current User Name: barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\barry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\E_S00RP2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\barry\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV2_02) EPSON V3 Service2(02) -- C:\WINDOWS\system32\E_S00RP2.EXE (SEIKO EPSON CORPORATION)
SRV - (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PStrip) -- C:\WINDOWS\system32\drivers\pstrip.sys (EnTech Taiwan)
DRV - (MxlW2k) -- C:\WINDOWS\system32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\Ultra.dll ()
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\MaRdP2K.sys (Mobile Action Technology Inc.)
DRV - (MA8630U) -- C:\WINDOWS\system32\drivers\MA8630U.sys (Mobile Action Technology Inc.)
DRV - (MA8630M) -- C:\WINDOWS\system32\drivers\MA8630M.sys (Mobile Action Technology Inc.)
DRV - (MA8630C) -- C:\WINDOWS\system32\drivers\MA8630C.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\system32\drivers\Udfreadr.sys (Roxio)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sonypvf2) -- C:\WINDOWS\system32\drivers\sonypvf2.sys (Sony Corporation)
DRV - (sonypvt2) -- C:\WINDOWS\system32\drivers\sonypvt2.sys (Sony Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (sonypvl2) -- C:\WINDOWS\system32\drivers\sonypvl2.sys (Sony Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (sonypvd2) -- C:\WINDOWS\system32\drivers\sonypvd2.sys (Sony Corporation)
DRV - (SiS7018) Service for SiS7018 Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7018.sys (Silicon Integrated Systems Corporation)
DRV - (EPUSBSTOR) -- C:\WINDOWS\system32\drivers\epusbsto.sys (SEIKO EPSON CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/12 02:57:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/12/31 01:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/31 01:06:18 | 000,000,000 | ---D | M]

[2007/11/21 22:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions
[2007/08/12 00:11:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/08 00:27:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/08/20 12:27:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/07 00:38:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/12 00:11:17 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/14 20:20:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/12 00:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/08/12 00:10:55 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/08/12 00:10:55 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/08/12 00:10:55 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/08/12 00:11:00 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/08/12 00:11:00 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/01/08 00:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/10/20 00:54:06 | 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/08/12 00:11:12 | 000,022,400 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/02/13 01:28:22 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2005/09/16 21:07:22 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2005/09/16 21:07:22 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2005/09/16 21:07:22 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2005/09/16 21:07:22 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/10/14 09:28:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/10/14 09:28:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/10/14 09:28:22 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/02/13 01:29:43 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/02/13 01:28:06 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2006/11/09 15:20:00 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/08/12 00:11:15 | 000,001,514 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2007/08/12 00:11:15 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2007/08/12 00:11:15 | 000,001,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2007/08/12 00:11:15 | 000,001,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2007/08/12 00:11:15 | 000,002,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

O1 HOSTS File: ([2008/11/14 01:08:00 | 000,113,575 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 80.80.15.166
O1 - Hosts: 127.0.0.1 a1708.g.akamai.net
O1 - Hosts: 127.0.0.1 ad.asv.de
O1 - Hosts: 127.0.0.1 ad.ca.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.dk.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.es.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.fr.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.free6.com
O1 - Hosts: 127.0.0.1 ad.it.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.iwin.com
O1 - Hosts: 127.0.0.1 ad.jp.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.kr.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.linkexchange.com
O1 - Hosts: 127.0.0.1 ad.linksynergy.com
O1 - Hosts: 127.0.0.1 ad.nl.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.no.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.preferences.com
O1 - Hosts: 127.0.0.1 ad.se.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.sma.punto.net
O1 - Hosts: 127.0.0.1 ad.trafficmp.com
O1 - Hosts: 127.0.0.1 ad.uk.doubleclick.net
O1 - Hosts: 127.0.0.1 ad.webprovider.com
O1 - Hosts: 3141 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Save Flash - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Web Rebates. - C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Common\yhexbmesuk.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Common\yhexbmesuk.dll (Yahoo! Inc.)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8174.6097685185 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/26 18:22:26 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/27 11:04:02 | 000,000,124 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/02/04 12:28:38 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2085/12/22 18:42:24 | 000,294,912 | ---- | C] (Ahead Software AG) -- C:\shortcut.dll
[2010/02/04 12:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barry\Desktop\Sonique Vis
[2010/02/04 12:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barry\Application Data\vlc
[2010/02/02 12:23:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/01 16:47:00 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\barry\Desktop\OTL.exe
[2010/01/27 09:25:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/27 09:25:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 09:24:36 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\Desktop\mbam-setup.exe
[2010/01/13 03:13:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/13 02:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barry\Application Data\Malwarebytes
[2010/01/13 02:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 02:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/01/13 01:46:15 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\My Documents\zztoy.exe
[2010/01/12 19:37:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\barry\Recent
[2010/01/12 18:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegCure
[2010/01/11 15:53:31 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\barry\Desktop\RootRepeal.exe
[2009/07/06 11:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/06 11:34:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/06 11:34:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/08 08:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/01/07 01:16:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\barry\Application Data\pcouffin.sys
[2008/03/31 04:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2008/03/31 04:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/12/31 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/05 05:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2085/12/22 18:42:24 | 000,294,912 | ---- | M] (Ahead Software AG) -- C:\shortcut.dll
[2010/02/05 22:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{829745A4-D126-42D5-99EF-CE92F2849791}.job
[2010/02/05 22:11:37 | 000,001,063 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 22:11:37 | 000,000,301 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/02/05 22:11:37 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/02/05 22:09:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/05 22:08:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/05 22:08:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/05 22:08:48 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/05 22:05:34 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\barry\ntuser.dat
[2010/02/05 22:05:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\barry\ntuser.ini
[2010/02/05 21:52:08 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\Flash_Disinfector.exe
[2010/02/05 21:34:23 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 19:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/04 17:20:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/04 12:56:26 | 000,863,099 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\20091119095956.zip
[2010/02/04 12:04:05 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2010/02/04 12:01:33 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\barry\My Documents\vlc-1.0.5-win32.exe
[2010/02/04 01:58:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/02/02 14:10:18 | 000,038,199 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\su11ra_36_610.pdf
[2010/02/01 16:47:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barry\Desktop\OTL.exe
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Video .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Pictures .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Passwords .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\New Folder .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Music .lnk
[2010/02/01 01:21:42 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\barry\Documents .lnk
[2010/01/27 17:12:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\hf7x4ro9.exe
[2010/01/27 09:28:38 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\kd3164i8.exe
[2010/01/27 09:25:42 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 09:24:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\Desktop\mbam-setup.exe
[2010/01/27 09:20:03 | 000,349,152 | ---- | M] () -- C:\Documents and Settings\barry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/27 09:17:54 | 000,884,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/26 14:46:00 | 000,010,841 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2010/01/26 14:46:00 | 000,000,217 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2010/01/26 14:34:18 | 000,096,420 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\Kevin & Perry pics.jpg
[2010/01/14 03:11:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 15:59:07 | 000,442,486 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\0007.jpg
[2010/01/13 12:14:15 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\barry\default.pls
[2010/01/13 01:46:20 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\barry\My Documents\zztoy.exe
[2010/01/12 18:52:37 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\barry\Desktop\SUPERAntiSpyware.exe
[2010/01/12 11:26:43 | 000,547,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/12 11:26:43 | 000,459,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/12 11:26:43 | 000,078,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/11 15:53:33 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\barry\Desktop\RootRepeal.exe
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/02/04 12:56:37 | 000,315,868 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\PR-2150 LVD.jpg
[2010/02/04 12:56:37 | 000,310,584 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\PR-2150 EMC.jpg
[2010/02/04 12:56:37 | 000,271,792 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\PR-2150 LVD2.jpg
[2010/02/04 12:56:09 | 000,863,099 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\20091119095956.zip
[2010/02/04 12:14:48 | 001,021,126 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\1280x1024.jpg
[2010/02/04 12:04:05 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2010/02/04 12:00:38 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\vlc-1.0.5-win32.exe
[2010/02/04 11:40:48 | 000,068,257 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Dance Remix Princess Anne 2009.jpg
[2010/02/04 11:40:45 | 000,116,151 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\MV DANCE_01.jpg
[2010/02/04 11:40:42 | 000,061,342 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Remixland Non-stop CD2.jpg
[2010/02/02 14:10:16 | 000,038,199 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\su11ra_36_610.pdf
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Video .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Pictures .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Passwords .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\New Folder .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Music .lnk
[2010/01/30 11:10:13 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\barry\Documents .lnk
[2010/01/27 17:11:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\hf7x4ro9.exe
[2010/01/27 09:28:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\kd3164i8.exe
[2010/01/27 09:25:42 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 18:23:51 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Flash_Disinfector.exe
[2010/01/26 14:34:48 | 000,096,420 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Kevin & Perry pics.jpg
[2010/01/14 03:11:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 16:00:03 | 000,442,486 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\0007.jpg
[2010/01/12 18:52:37 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\SUPERAntiSpyware.exe
[2010/01/12 14:45:13 | 000,009,221 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remix Land 2009 cd2.ncd
[2010/01/12 14:44:58 | 002,574,019 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DSC_0320.JPG
[2010/01/12 14:44:58 | 002,452,326 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DSC_0359.JPG
[2010/01/12 14:44:58 | 002,039,207 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV Dance 04 cover.psd
[2010/01/12 14:44:58 | 000,826,102 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV - DANCE 07.jpg
[2010/01/12 14:44:58 | 000,310,145 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\BNO cd1.jpg
[2010/01/12 14:44:58 | 000,297,441 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV - DANCE 04.jpg
[2010/01/12 14:44:58 | 000,296,203 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\BNO cd3.jpg
[2010/01/12 14:44:58 | 000,260,932 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\MV - DANCE 11.jpg
[2010/01/12 14:44:58 | 000,249,741 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\BNO cd2.jpg
[2010/01/12 14:44:58 | 000,237,971 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remix Heavan 2009 CD2_edited-1.jpg
[2010/01/12 14:44:58 | 000,198,224 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\M of S Annual 2010.jpg
[2010/01/12 14:44:58 | 000,104,226 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV AUG22-09.ncd
[2010/01/12 14:44:58 | 000,080,655 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV JULY-09.ncd
[2010/01/12 14:44:58 | 000,080,499 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV MAY-09.ncd
[2010/01/12 14:44:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV SEPT12-09.ncd
[2010/01/12 14:44:58 | 000,009,716 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Best of Mash Up Mix CD2.ncd
[2010/01/12 14:44:58 | 000,009,281 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remix Land 2009 cd1.ncd
[2010/01/12 14:44:58 | 000,008,749 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\CD July20-09.ncd
[2010/01/12 14:44:58 | 000,008,713 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Best of Top 40 Nov 2009.ncd
[2010/01/12 14:44:58 | 000,008,168 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV NOV-09.ncd
[2010/01/12 14:44:58 | 000,007,091 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\DVD MV Nov30-09.ncd
[2010/01/12 13:11:23 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Reference letter - miles.doc
[2010/01/12 13:11:23 | 000,090,989 | ---- | C] () -- C:\Documents and Settings\barry\Desktop\Reference form - miles.doc
[2010/01/12 13:11:23 | 000,009,499 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Top 20 Hits July 2009.ncd
[2010/01/12 13:11:23 | 000,008,030 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Tamla Motown Classics1.ncd
[2010/01/12 13:11:23 | 000,001,488 | ---- | C] () -- C:\Documents and Settings\barry\My Documents\Remixed Land Non-stop 1 Track CD 2009.rtf
[2009/01/07 01:16:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\pcouffin.log
[2009/01/07 01:16:25 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\ezpinst.exe
[2009/01/07 01:16:25 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\pcouffin.cat
[2009/01/07 01:16:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\barry\Application Data\pcouffin.inf
[2008/12/31 01:06:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/12/31 01:05:59 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/31 01:05:58 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/31 01:05:57 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/31 01:05:57 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/03 07:22:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2008/08/12 19:22:36 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/03/17 15:58:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\barry\Local Settings\Application Data\fusioncache.dat
[2008/03/03 12:47:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/12/13 10:25:05 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/12/03 19:36:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE ESP1400Euro.ini
[2007/09/27 01:38:00 | 000,890,953 | ---- | C] () -- C:\WINDOWS\Txtis.ini
[2007/08/08 23:41:52 | 000,223,305 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/08/08 23:41:38 | 000,890,953 | ---- | C] () -- C:\WINDOWS\HSC_sq4.ini
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/11 19:33:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ACBB732420.sys
[2006/10/18 23:56:50 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\202473BBAC.sys
[2006/10/18 23:56:48 | 000,009,394 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/20 22:15:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLea.DAT
[2006/08/09 23:19:16 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2006/08/08 01:14:23 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv300053706p4now.sys
[2006/03/09 23:21:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/03/09 02:38:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/22 15:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2005/10/18 21:24:31 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2005/10/17 19:57:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/10/17 19:55:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER220.ini
[2005/10/17 19:05:40 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2005/08/12 21:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/06 02:20:25 | 000,043,008 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2005/05/30 13:25:45 | 000,000,128 | ---- | C] () -- C:\WINDOWS\keypad.ini
[2005/03/06 21:14:10 | 000,001,556 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/01/23 21:53:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2005/01/07 15:14:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2004/12/28 19:07:49 | 000,019,042 | -H-- | C] () -- C:\Program Files\aviedit.GID
[2004/12/28 19:04:33 | 000,657,408 | ---- | C] () -- C:\Program Files\outputBM.avi
[2004/12/06 02:29:03 | 000,000,640 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2004/11/02 10:40:22 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/11/02 10:40:22 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/11/02 10:24:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/10/27 23:44:53 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2004/10/27 23:44:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/10/20 22:14:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/11 13:49:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/08/11 17:07:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CDHGFFHN.ini
[2004/07/31 20:28:19 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2004/07/16 20:07:46 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/14 21:12:25 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/14 00:02:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\serials.INI
[2004/07/10 23:27:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/10 13:03:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/07/08 00:49:13 | 000,053,303 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/20 12:52:52 | 000,000,612 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini
[2003/10/31 09:49:18 | 000,000,233 | ---- | C] () -- C:\WINDOWS\Swap008F.ini
[2003/10/31 09:48:04 | 000,000,233 | ---- | C] () -- C:\WINDOWS\Swap008E.ini
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/30 22:38:19 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2003/08/07 19:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2000/09/12 11:12:00 | 000,000,197 | -H-- | C] () -- C:\WINDOWS\System32\win709a.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4B7BEAFF
< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:21 PM

Posted 05 February 2010 - 06:42 PM

Hi,

Let's focus on this PC first. Please run a scan with GMER as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!




#5 BarryClifford

BarryClifford
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:01:21 PM

Posted 09 February 2010 - 11:15 PM

Sorry about the delay! But I have been experiencing more problems! I tried to run GMER but it failed to finish, saying insufficient resources.
The PC was really struggling to move and at the same time more infestations tried to cause more havoc. Luckily I managed to get the Malwarebytes scan up and running just in time, and after a day 101 items were listed to be quarantined (i.e. Smss32.exe, Isass.exe, trojan SPM/LX, Backdoor.bot, agents etc). After rebooting it seems to be back better, but not 100%. I didn't try GMER in safe mode; do you want me to try that first, or what next? Baz

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:21 AM

Posted 13 February 2010 - 03:50 AM

Hi BarryClifford,


Myrti is not available right now, I will be helping you with the continued support.


Step 1
  1. If you already have ComboFix, please delete that copy and download it again, as it is being updated regularly.
  2. Please visit this webpage for download links and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. Note: ComboFix has recently been updated to include the option of installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot into a special recovery (repair) mode.
    This allows us to help you more easily should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow ComboFix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse-click on ComboFix while it is running. That may cause it to stall.


Step 2

I notice you have MBAM installed on your system. Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install them manually.
  1. Double-click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  10. You can refer to this tutorial.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


After that, please go to this thread and do as instructed to run a DDS log, and post the contents in your next reply.

In your next reply, please post back:

1. ComboFix log
2. MBAM log
3. DDS txt and attach log.

Let me know if you have any remaining issues on your pc.

#7 BarryClifford

BarryClifford
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:01:21 PM

Posted 16 February 2010 - 09:07 AM

Hi Sundavis, thank you very much for your help. Just to update you, as I have been offline for about 4 days: I have two PCs with problems. This is an older Athlon 1.0 PC that I am communicating to you on; it was infected from the other PC downstairs (Sony Vaio). Both for a while had no internet connection; this one lost internet connectivity about 4/5 days ago after a lot of infestation (Trojans, agents etc, 103 in total). I just managed to get Malwarebytes up and running in time and deleted most of the problems. So after that I lost internet; with Belkin support I just managed to get back online. OK, now I don't have ComboFix; where do I get it from? Baz.

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:21 AM

Posted 16 February 2010 - 09:49 AM

Hi BarryClifford,


QUOTE
don't have Combofix where do i get it from?

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

#9 BarryClifford

BarryClifford
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:01:21 PM

Posted 16 February 2010 - 10:24 PM

Hi, here are the logs from ComboFix and Malwarebytes.
Malwarebytes' Anti-Malware 1.44
Database version: 3740
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/02/2010 20:50:48
mbam-log-2010-02-16 (20-50-48).txt

Scan type: Quick Scan
Objects scanned: 174559
Time elapsed: 35 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ComboFix 10-02-12.01 - barry 16/02/2010 19:39:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.256 [GMT 0:00]
Running from: c:\documents and settings\barry\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\barry\Application Data\localstlibrary
c:\documents and settings\barry\Application Data\localstlibrary\localstlibrary .exe
c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1202660629-1078145449-854245398-1000
c:\recycler\S-1-5-21-527237240-436374069-1343024091-500
C:\s
c:\windows\BackUp
c:\windows\BackUp\TB041102.DAT
c:\windows\patch.exe
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11840.exe
c:\windows\system32\11942.exe
c:\windows\system32\12316.exe
c:\windows\system32\12382.exe
c:\windows\system32\12623.exe
c:\windows\system32\12859.exe
c:\windows\system32\13931.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15006.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15350.exe
c:\windows\system32\15724.exe
c:\windows\system32\15890.exe
c:\windows\system32\16827.exe
c:\windows\system32\16944.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\1842.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\18756.exe
c:\windows\system32\19169.exe
c:\windows\system32\19264.exe
c:\windows\system32\19629.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\19954.exe
c:\windows\system32\20037.exe
c:\windows\system32\21726.exe
c:\windows\system32\22190.exe
c:\windows\system32\22648.exe
c:\windows\system32\23281.exe
c:\windows\system32\23805.exe
c:\windows\system32\23811.exe
c:\windows\system32\24084.exe
c:\windows\system32\24370.exe
c:\windows\system32\24393.exe
c:\windows\system32\24464.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26308.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\27446.exe
c:\windows\system32\27529.exe
c:\windows\system32\27644.exe
c:\windows\system32\28145.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\288.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30106.exe
c:\windows\system32\30333.exe
c:\windows\system32\3035.exe
c:\windows\system32\31101.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3548.exe
c:\windows\system32\3902.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\4966.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6729.exe
c:\windows\system32\6868.exe
c:\windows\system32\7376.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\8723.exe
c:\windows\system32\8942.exe
c:\windows\system32\9040.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\ctfmon .exe
c:\windows\system32\Process.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Ultra.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2085-12-22 18:42 . 2085-12-22 18:42 294912 ----a-w- C:\shortcut.dll
2010-02-15 18:43 . 2010-02-15 18:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-10 03:30 . 2010-02-10 03:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-09 11:59 . 2010-02-09 11:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-02-09 11:54 . 2010-02-09 11:54 4 ----a-w- c:\program files\88846234.dat
2010-02-09 11:46 . 2010-02-09 11:46 -------- d-----w- c:\documents and settings\barry\Local Settings\Application Data\shsysCMP
2010-02-04 12:05 . 2010-02-16 12:07 -------- d-----w- c:\documents and settings\barry\Application Data\vlc
2010-02-02 12:23 . 2010-02-02 12:23 -------- d-----w- C:\_OTL
2010-01-27 09:25 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 09:25 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 21:32 . 2005-01-23 21:54 -------- d-----w- c:\program files\EPSON Print CD
2010-02-08 14:55 . 2003-12-09 00:30 -------- d---a-w- c:\program files\Common Files\Wise Installation Wizard
2010-01-27 09:25 . 2010-01-13 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 09:20 . 2004-10-20 01:31 349152 -c--a-w- c:\documents and settings\barry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 02:33 . 2010-01-13 02:33 -------- d-----w- c:\documents and settings\barry\Application Data\Malwarebytes
2010-01-13 02:33 . 2010-01-13 02:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-12 19:17 . 2010-01-12 18:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RegCure
2009-12-31 16:50 . 2001-08-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-23 19:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-07-31 21:50 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2001-08-23 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2001-08-17 13:48 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2001-08-23 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-10-03 01:58 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-07-10 23:27 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-23 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-07-31 21:52 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-07-31 21:10 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-07-31 21:07 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-12-28 19:17 . 2004-12-28 19:07 19042 -c-ha-w- c:\program files\aviedit.GID
2004-12-28 19:04 . 2004-12-28 19:04 657408 -c--a-w- c:\program files\outputBM.avi
2004-01-07 05:28 . 2003-09-30 22:38 21952 -c-ha-w- c:\program files\folder.htt
2007-08-12 00:10 . 2007-02-07 00:37 66408 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-12 00:10 . 2007-02-07 00:37 54112 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-12 00:10 . 2007-02-07 00:37 34688 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-08-12 00:11 . 2007-02-07 00:37 46456 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-08-12 00:11 . 2007-02-07 00:37 171880 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-03 09:29 . 2006-10-18 23:56 168 -csh--r- c:\windows\system32\202473BBAC.sys
2008-12-23 21:01 . 2006-10-18 23:56 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [N/A]
"notepad"="c:\windows\system32\config\SYSTEM~1\ntload.dll" [N/A]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^barry^Start Menu^Programs^Startup^..]
path=c:\documents and settings\barry\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKLM\~\startupfolder\C:^Documents and Settings^barry^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^barry^Start Menu^Programs^Startup^Slide.exe.lnk]
backup=c:\windows\pss\Slide.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up-Blocker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-08-01 13:31 109056 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asg984jgkfmgasi8ug98jgkfgfb]
c:\docume~1\barry\LOCALS~1\Temp\services.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 12:15 342848 -c--a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
c:\windows\ctfmon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2005-11-04 02:40 452968 -c--a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 1400 Series]
2006-07-04 04:00 139264 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBUE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
2003-09-11 03:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security 2010]
c:\program files\InternetSecurity2010\IS2010.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\liouqi]
c:\documents and settings\barry\liouqi.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\localstlibrary]
c:\documents and settings\barry\Application Data\localstlibrary\localstlibrary.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
c:\windows\lsass.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2005-04-27 12:04 6856704 -c--a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 09:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netc]
c:\windows\svc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netw]
c:\windows\svw.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netx]
c:\windows\svx.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 13:16 5058560 -c--a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odnex]
c:\windows\odbns.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
G:\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicelayer]
c:\windows\servicelayer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
2006-11-04 03:28 4468736 -c--a-w- c:\creativesfiles\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shsysCMP]
2010-02-08 05:13 77824 ----a-w- c:\documents and settings\barry\Local Settings\Application Data\shsysCMP\shsysCMP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe]
c:\windows\system32\smss32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 -c--a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uishf9wuifwuh387fh3wufinhjfdwefe]
c:\docume~1\barry\locals~1\temp\ohyg5li .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"d:\\Kazaa Lite\\KazaaLite.kpp"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15062:TCP"= 15062:TCP:BitComet 15062 TCP
"15062:UDP"= 15062:UDP:BitComet 15062 UDP

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [06/12/2004 00:20 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [06/12/2004 00:20 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [06/12/2004 00:20 431236]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15/07/2007 02:37 27992]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [20/02/2006 00:52 2368]
S0 Ramdisk;Ramdisk Driver; [x]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [06/12/2004 00:20 64093]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [10/09/2001 08:00 17976]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [14/12/2004 19:35 22992]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [14/12/2004 19:35 24404]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [14/12/2004 19:35 55890]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\User_Feed_Synchronization-{829745A4-D126-42D5-99EF-CE92F2849791}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &eBay Search
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Web Rebates. - file://c:\program files\WebRebates4\websrebates\webtrebates\toprC0.htm
IE: {{37236812-C1A2-4529-A9CE-CFE04E3DF08A}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
TCP: {81D5673B-4E15-4FD3-915B-2746569D1D1E} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
SharedTaskScheduler-bestreak - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-HijackThis - l:\new from winmx sept 2005\HijackThis.exe
AddRemove-SiS7018 - c:\program files\SiS7018\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7018



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,82,29,03,e7,9e,d3,4e,8f,ba,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,82,29,03,e7,9e,d3,4e,8f,ba,fe,\

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
Completion time: 2010-02-16 20:00:21
ComboFix-quarantined-files.txt 2010-02-16 20:00

Pre-Run: 604,389,376 bytes free
Post-Run: 560,721,920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 1A2B263BC6D08F16E694D69EFE943001


#10 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 17 February 2010 - 01:25 AM

Hi BarryClifford,



Start > Run > type: MSConfig > Press Enter
In the General tab, Startup Selection, choose: Normal Startup--load all device drivers and services
Press OK and Reboot your pc.


Step 1
  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
RenV::
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig .exe

File::
C:\Documents and Settings\barry\Video .lnk
C:\Documents and Settings\barry\Pictures .lnk
C:\Documents and Settings\barry\Passwords .lnk
C:\Documents and Settings\barry\New Folder .lnk
C:\Documents and Settings\barry\Music .lnk
C:\Documents and Settings\barry\Documents .lnk

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"notepad"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asg984jgkfmgasi8ug98jgkfgfb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security 2010]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\liouqi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\localstlibrary]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odnex]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicelayer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uishf9wuifwuh387fh3wufinhjfdwefe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0]
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

After that, please go to Here to run DDS as instructed in that thread and post back two logs in your next reply.


In your next reply, please post back:

1. ComboFix log
2. DDS.txt and Attach.txt

Tell me if you have any remaining issues on this PC.
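As an added triage example (not code from this thread, from ComboFix or from DDS), the script below parses the log line shapes that appear above and flags the kinds of entries the CFScript targets: random-looking autostart names, an executable sitting in a user profile root (liouqi.exe), file names with a space before the extension (the RenV:: list), and Trusted Zone entries for the rogue "Internet Security 2010" sites. The sample log is constructed; the rogue-domain keyword list and the random-name heuristic are assumptions of this example, not ComboFix logic.

```python
"""Triage of ComboFix / DDS log lines for the patterns the CFScripts in this
thread act on.  Added example; not part of the thread and not ComboFix or DDS
code.  All sample lines below are constructed to mirror the log formats above.
"""
import re
from collections import Counter

# Line shapes, modelled on the "Reg Loading Points", "ORPHANS REMOVED" and
# "Supplementary Scan" sections of the ComboFix log in this thread.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r'^HK(?:CU|LM)-Run-(?P<name>.+?) - (?P<path>.+)$')
TRUSTED = re.compile(r'^Trusted Zone:\s*(?P<domain>\S+)$')
# "dwtrig20 .exe": a space before the extension, which the RenV:: section renames.
SPACE_BEFORE_EXT = re.compile(r' \.[A-Za-z0-9]{1,4}$')
# An .exe sitting directly in a user profile root (liouqi.exe in the log).
PROFILE_ROOT_EXE = re.compile(r'^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$', re.I)
# Assumed keyword list: substrings shared by the rogue-AV sites in the log.
ROGUE_WORDS = ("buy-", "-download", "is2010", "internetsecurity")

# Reason labels returned by triage()
RANDOM_NAME = "random-looking autostart name"
PROFILE_EXE = "executable directly in a user profile root"
SPACE_EXT = "space before file extension (RenV:: candidate)"
ROGUE_TZ = "Trusted Zone entry for a rogue-AV style domain"
DUP_TZ = "duplicate Trusted Zone entry"


def looks_random(name: str) -> bool:
    """Assumed heuristic for machine-generated value names such as
    asg984jgkfmgasi8ug98jgkfgfb: long, no spaces, digits mixed into the
    letters, or very few vowels."""
    if " " in name or len(name) < 12:
        return False
    lowered = name.lower()
    letters = [c for c in lowered if c.isalpha()]
    if not letters:
        return False
    inner_digit = re.search(r"[a-z]\d+[a-z]", lowered) is not None
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return inner_digit or vowel_ratio < 0.25


def check_autostart(name: str, path: str) -> list[str]:
    """Reasons to look twice at one Run / orphan entry (empty if none)."""
    reasons = []
    if looks_random(name):
        reasons.append(RANDOM_NAME)
    if PROFILE_ROOT_EXE.match(path):
        reasons.append(PROFILE_EXE)
    if SPACE_BEFORE_EXT.search(path):
        reasons.append(SPACE_EXT)
    return reasons


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (line, reason) pairs for every line worth a second look."""
    findings = []
    zones = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            findings += [(line, r) for r in check_autostart(m["name"], m["path"])]
            continue
        m = TRUSTED.match(line)
        if m:
            domain = m["domain"].lower()
            zones[domain] += 1
            if any(w in domain for w in ROGUE_WORDS):
                findings.append((line, ROGUE_TZ))
            continue
        # Bare paths, as listed under "Other Deletions" or in a RenV:: block
        if SPACE_BEFORE_EXT.search(line):
            findings.append((line, SPACE_EXT))
    for domain, n in zones.items():
        if n > 1:
            findings.append((f"Trusted Zone: {domain}", DUP_TZ))
    return findings


# Constructed sample, modelled on the logs in this thread (not a real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-17 149280]
"asg984jgkfmgasi8ug98jgkfgfb"="c:\windows\system32\sample.exe" [2010-02-09 4096]
HKCU-Run-liouqi - c:\documents and settings\barry\liouqi.exe
HKLM-Run-QuickTime Task - G:\QTTask.exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: buy-is2010.com
Trusted Zone: microsoft.com
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:50s} {line}")
```

Running it on the sample prints seven findings; legitimate entries such as SunJavaUpdateSched and microsoft.com are left alone.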

#11 BarryClifford

  • Topic Starter
  • Members
  • 86 posts

Posted 17 February 2010 - 10:57 AM

Attached File: Attach.txt (25.78KB)

Here are the ComboFix logs and DDS logs. I don't think there are any more problems with this PC; do you want to fix the other one now? But this one still doesn't have an internet connection and is downstairs. Thank you for your help. Baz.
ComboFix 10-02-16.02 - barry 17/02/2010 13:24:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.231 [GMT 0:00]
Running from: c:\documents and settings\barry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\barry\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\barry\Documents .lnk"
"c:\documents and settings\barry\Music .lnk"
"c:\documents and settings\barry\New Folder .lnk"
"c:\documents and settings\barry\Passwords .lnk"
"c:\documents and settings\barry\Pictures .lnk"
"c:\documents and settings\barry\Video .lnk"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\barry\Local Settings\Application Data\shsysCMP\shsysCMP.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-09 11:52 . 2010-02-09 11:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-02-04 12:05 . 2010-02-16 12:07 -------- d-----w- c:\documents and settings\barry\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2085-12-22 18:42 . 2085-12-22 18:42 294912 ----a-w- C:\shortcut.dll
2010-02-17 13:47 . 2008-11-14 00:49 -------- d-----w- c:\program files\DNA
2010-02-17 13:47 . 2008-11-14 00:49 -------- d-----w- c:\documents and settings\barry\Application Data\DNA
2010-02-17 13:14 . 2010-02-17 13:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-17 13:13 . 2006-11-22 23:46 -------- d-----w- c:\program files\Java
2010-02-17 13:09 . 2003-10-02 22:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-17 12:57 . 2005-01-23 21:54 -------- d-----w- c:\program files\EPSON Print CD
2010-02-09 11:54 . 2010-02-09 11:54 4 ----a-w- c:\program files\88846234.dat
2010-02-08 14:55 . 2003-12-09 00:30 -------- d---a-w- c:\program files\Common Files\Wise Installation Wizard
2010-01-27 09:25 . 2010-01-13 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 09:20 . 2004-10-20 01:31 349152 -c--a-w- c:\documents and settings\barry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 02:33 . 2010-01-13 02:33 -------- d-----w- c:\documents and settings\barry\Application Data\Malwarebytes
2010-01-13 02:33 . 2010-01-13 02:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-12 19:17 . 2010-01-12 18:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RegCure
2010-01-07 16:07 . 2010-01-27 09:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2010-01-27 09:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2001-08-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-23 19:32 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-07-31 21:50 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2001-08-23 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2001-08-17 13:48 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2001-08-23 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-10-03 01:58 1291776 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-07-10 23:27 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-23 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-07-31 21:52 11264 -c--a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-07-31 21:10 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
2004-12-28 19:17 . 2004-12-28 19:07 19042 -c-ha-w- c:\program files\aviedit.GID
2004-12-28 19:04 . 2004-12-28 19:04 657408 -c--a-w- c:\program files\outputBM.avi
2004-01-07 05:28 . 2003-09-30 22:38 21952 -c-ha-w- c:\program files\folder.htt
2007-08-12 00:10 . 2007-02-07 00:37 66408 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-12 00:10 . 2007-02-07 00:37 54112 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-12 00:10 . 2007-02-07 00:37 34688 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-08-12 00:11 . 2007-02-07 00:37 46456 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-08-12 00:11 . 2007-02-07 00:37 171880 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-03 09:29 . 2006-10-18 23:56 168 -csh--r- c:\windows\system32\202473BBAC.sys
2008-12-23 21:01 . 2006-10-18 23:56 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="c:\creativesfiles\Shareaza.exe" [2006-11-04 4468736]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2005-04-27 6856704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-02-17 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-17 149280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" [2003-09-11 99840]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2005-11-04 452968]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^barry^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^barry^Start Menu^Programs^Startup^Slide.exe.lnk]
backup=c:\windows\pss\Slide.exe.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"d:\\Kazaa Lite\\KazaaLite.kpp"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"g:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15062:TCP"= 15062:TCP:BitComet 15062 TCP
"15062:UDP"= 15062:UDP:BitComet 15062 UDP

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [06/12/2004 00:20 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [06/12/2004 00:20 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [06/12/2004 00:20 431236]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15/07/2007 02:37 27992]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [20/02/2006 00:52 2368]
S0 Ramdisk;Ramdisk Driver; [x]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [06/12/2004 00:20 64093]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [10/09/2001 08:00 17976]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [14/12/2004 19:35 22992]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [14/12/2004 19:35 24404]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [14/12/2004 19:35 55890]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Web Rebates. - file://c:\program files\WebRebates4\websrebates\webtrebates\toprC0.htm
IE: {{37236812-C1A2-4529-A9CE-CFE04E3DF08A}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
TCP: {81D5673B-4E15-4FD3-915B-2746569D1D1E} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\barry\Application Data\Mozilla\Firefox\Profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-shsysCMP - c:\documents and settings\barry\Local Settings\Application Data\shsysCMP\shsysCMP.dll
HKCU-Run-localstlibrary - c:\documents and settings\barry\Application Data\localstlibrary\localstlibrary.exe
HKCU-Run-liouqi - c:\documents and settings\barry\liouqi.exe
HKLM-Run-QuickTime Task - G:\QTTask.exe
HKLM-Run-odnex - c:\windows\odbns.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 13:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\devldr32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\System32\locator.exe
c:\windows\System32\ssmypics.scr
.
**************************************************************************
.
Completion time: 2010-02-17 14:03:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-17 14:03

Pre-Run: 1,216,942,080 bytes free
Post-Run: 1,190,621,184 bytes free

- - End Of File - - 855417791AE9BFCD13357DC0138732BD

DDS (Ver_09-12-01.01) - NTFSx86
Run by barry at 15:28:42.56 on 17/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.147 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
d:\program files\Reader\AcroRd32.exe
C:\Documents and Settings\barry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
uRun: [Shareaza] "c:\creativesfiles\Shareaza.exe" -tray
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel
IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Web Rebates. - file://c:\program files\webrebates4\websrebates\webtrebates\toprC0.htm
IE: {37236812-C1A2-4529-A9CE-CFE04E3DF08A}
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38174.6097685185
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {81D5673B-4E15-4FD3-915B-2746569D1D1E} = 4.2.2.2,4.2.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\barry\applic~1\mozilla\firefox\profiles\sokuc12n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\sokuc12n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2004-12-6 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2004-12-6 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2004-12-6 431236]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-2-20 2368]
S0 Ramdisk;Ramdisk Driver; [x]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2004-12-6 64093]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-9-10 17976]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [2004-12-14 22992]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [2004-12-14 24404]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [2004-12-14 55890]

=============== Created Last 30 ================

2085-12-22 18:42:24 294912 ----a-w- C:\shortcut.dll
2010-02-17 15:27:57 0 ----a-w- c:\documents and settings\barry\defogger_reenable
2010-02-17 13:14:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 19:34:51 0 d-sha-r- C:\cmdcons
2010-02-16 19:32:33 98816 ----a-w- c:\windows\sed.exe
2010-02-16 19:32:33 77312 ----a-w- c:\windows\MBR.exe
2010-02-16 19:32:33 261632 ----a-w- c:\windows\PEV.exe
2010-02-16 19:32:33 161792 ----a-w- c:\windows\SWREG.exe
2010-02-15 18:43:48 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-12 19:41:34 0 d---a-r- C:\autorun.inf
2010-02-09 11:54:03 4 ----a-w- c:\program files\88846234.dat
2010-02-02 12:23:00 0 d-----w- C:\_OTL
2010-01-27 09:25:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 09:25:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 -c--a-w- c:\windows\system32\msrle32.dll
2004-12-28 19:17:29 19042 -c-ha-w- c:\program files\aviedit.GID
2004-12-28 19:04:55 657408 -c--a-w- c:\program files\outputBM.avi
2004-01-07 05:28:06 271 -csh--w- c:\program files\desktop.ini
2004-01-07 05:28:06 21952 -c-ha-w- c:\program files\folder.htt
2008-10-03 09:29:39 168 -csh--r- c:\windows\system32\202473BBAC.sys
2008-12-23 21:01:16 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:29:57.16 ===============


#12 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 17 February 2010 - 11:28 AM

Hi BarryClifford,



Please uninstall the following outdated Java versions, then go into the Control Panel (Classic View) and double-click the Java icon (it looks like a coffee cup) to upgrade your Java version.

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1

After that, please clear your Java cache as instructed in this thread.

Step 1
  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
DDS::
uInternet Settings,ProxyOverride = *.local
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {37236812-C1A2-4529-A9CE-CFE04E3DF08A}
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Step2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use the Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step3

Let's try to fix your internet problem. Please go to this thread and download WinsockXPfix to fix your internet access problem. Restart your PC after applying the fix.

Click Start > Run > type CMD > a command prompt (DOS) window will open. Type/paste ipconfig /flushdns and then press Enter to purge the DNS resolver cache.

Please proceed to do some disk cleanup, disk defragmenting, and a check disk as instructed in this thread.

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  3. Click OK.
  4. Click Advanced tab and click on Reset button
  5. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
After that, what I'd like you to do is a hard reset of your router if you have one. Leave it on; there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

If your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may back up your bookmarks before proceeding. Please go to Here and Here.

Let me know how things went.
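As an added audit script (not part of sundavis's instructions or of any tool named in this thread), the following reads the same Internet Explorer settings the CFScript above targets: the ZoneMap Trusted Sites list, which is where the "Trusted Zone:" entries come from, and the ProxyEnable/ProxyServer/ProxyOverride values. Running it before and after the fix lets a technician see exactly which domains a rogue product added; PowerShell 3.0 or later and the $Allowed placeholder allowlist are assumptions.

```powershell
# Added audit script, not part of the original thread or of ComboFix/DDS.
# Lists the Internet Explorer ZoneMap domains (the "Trusted Zone:" lines in the
# DDS/CFScript output) and the proxy values for the current user and the machine,
# and flags Trusted Sites that are not on an allowlist.
# Assumes PowerShell 3.0 or later; $Allowed is a placeholder allowlist to edit.

$Allowed   = @('example.com')   # placeholder: domains you legitimately trust
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

function Get-ZoneMapEntries {
    param([string]$Hive = 'HKCU:')
    $base = "$Hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path $base)) { return }
    # Each key is a domain; a nested key is a subdomain (Domains\is2010.com\buy => buy.is2010.com).
    # Each value maps a scheme ('*', 'http', 'https') to a zone number.
    Get-ChildItem -Path $base -Recurse | ForEach-Object {
        $key   = $_
        $parts = ($key.Name -split 'Domains\\', 2)[1] -split '\\'
        [array]::Reverse($parts)
        $domain = $parts -join '.'
        foreach ($scheme in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($scheme)
            [pscustomobject]@{
                Hive       = $Hive
                Domain     = $domain
                Scheme     = $scheme
                Zone       = $ZoneNames[$zone]
                Unexpected = ($zone -eq 2) -and ($Allowed -notcontains $domain)
            }
        }
    }
}

function Get-ProxyConfig {
    $p = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnable   = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer        # should be empty unless you set up a proxy yourself
        ProxyOverride = $p.ProxyOverride      # '*.local' etc.; the CFScript above removes this value
        AutoConfigURL = $p.AutoConfigURL      # a PAC URL you did not configure is worth a look
    }
}

$entries = @(Get-ZoneMapEntries 'HKCU:') + @(Get-ZoneMapEntries 'HKLM:')
$entries | Where-Object { $_.Zone -eq 'Trusted sites' } | Format-Table -AutoSize
$entries | Where-Object { $_.Unexpected } |
    ForEach-Object { Write-Warning "Unexpected Trusted Site: $($_.Domain) [$($_.Hive)]" }
Get-ProxyConfig | Format-List
```

Run it from the affected user's account, since the HKCU values are per user; a domain such as buy-is2010.com showing up under Trusted sites with no one having added it is the kind of entry the CFScript removes.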


#13 BarryClifford

BarryClifford
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:01:21 PM

Posted 18 February 2010 - 02:11 PM

Hi there, thanks a lot so far! OK, the internet connection for this machine has been reconnected. The PC I need back online is a Sony Vaio desktop which I use downstairs; it's running Vista. I have done the command prompt and successfully flushed the DNS resolver cache! There seems to be a problem with the IP stack as it won't ping itself (127.) or any other IP address! Can you help? This was the first PC that I ran a topic on with Myrti, which had no internet connection due to many faults. I was taking txts and anti-virus software from this PC to the Sony Vaio (via the SD card socket) when this PC also became infected, so Myrti decided to do this one first! I managed to get Malwarebytes installed onto the Vaio and get rid of most of the problems, but I think we still need to get some underlying problems fixed, so I need the internet connection back on. Baz


#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:21 AM

Posted 18 February 2010 - 03:57 PM

Hi BarryClifford,


QUOTE
ok the internet connection for this machine has been reconnected

That means this PC is back in working order. Let's do some tidying up on this PC and then we can proceed to your Vaio desktop.


Step1

Click START, then RUN.
Now copy/paste ComboFix /Uninstall into the run box and click OK.
Note the space between the X and the /Uninstall; it needs to be there.



This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files, and reset System Restore again.

Step2

Start OTL from your desktop.
  1. Double click OTL and let it run
  2. Then Click the Cleanup button.
  3. You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  4. Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:21 AM

Posted 18 February 2010 - 04:07 PM

Hi BarryClifford,



Let's proceed to your Vaio desktop. You may transfer the necessary programs to your desktop via pen drive or USB if you can't access the internet. Please do the following:


Step1

Please download GMER Rootkit Scanner from Here or Here.
  1. Extract the contents of the zipped file to desktop.
  2. Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  3. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  4. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  5. Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  6. Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt", then copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step2
  1. If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  2. Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc.
    If Windows doesn't start correctly, you can use these tools to repair startup problems.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow Combofix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse click on Combofix while it is running. That may cause it to stall.
  8. If you have problems running ComboFix, please delete that copy and download it again. Rename ComboFix.exe to Barry.exe before saving it to your desktop, or run it in safe mode.
After that, please go to Here to run DDS as instructed in that thread and post back two logs in your next reply.


In your next reply, please post back:


1. GMER log
2. ComboFix log
3. DDS.txt and attach log.

Please detail the problems you're still experiencing now.

Edited by sundavis, 18 February 2010 - 04:09 PM.




